I know I've probably asked this before, but we've got a bit of turmoil between our Network team and Information Security. Which Group should manage ISA? Our Network team is not security minded, have no interest in security and are not disciplined in any way. I know I may sound biased, but in Information Security we have had ISA Server 2000 running with Surf Control and no downtimes for about 2 years. It's constantly patched, updated (we currently have ISA Server 2004 in testing), logs reviewed, etc. Anyway, I got blindsided yesterday. The Network team feels it is more of a network device as opposed to a security device and want to take over administration. Our Director has asked that we prepare something that demonstrates where ISA should belong. So, I thought I would ask the experts. Side note - Unfortunately, we only use ISA as an authenticating proxy and limited firewall. The network team has yet to build ISA into their architecture.