Security is one of those things that as the guy in charge of IT you know is important and yet there's just so many aspects of it you don't know where to start.
I think we've got patch scanning sorted out using a great product called HFNetChkPro. Just need some better reporting so we know when a new patch comes out and can push it to all machines.
My other concerns are general system vulnerabilities. Hopefully by keeping machines patched with MS patches we can reduce most of these but we use a lot of other apps that I'm pretty sure are well out of date.
I going to try an open source scanner called NESSUS later on as that scans right across the board.
Other areas I need to make sure are 100% covered are AntiVirus, Users and I'm sure there are more but can't think of them at the moment.