[liberationtech] Designing the best network infrastructure for a Human Rights NGO

[anonymous2013 at nym.hush.com]

Hi, 
We are a human rights NGO that is looking to invest in the best 
possible level of network security (protection from high-level 
cyber-security threats, changing circumvention/proxy to protect IP 
address etc, encryption on endpoints and server, IDS/Physical and 
Software Firewall/File Integrity Monitoring, Mobile Device 
Management, Honeypots) we can get for a our internal network. I was 
wondering if people would critique the following network, add 
comments, suggestions and alternative methods/pieces of software. 
(Perhaps if it goes well we could make a short paper out of it, for 
others to use.)

-Windows 2012 Server
-VMWare virtual machines running Win 8 for remote access
-Industry standard hardening and lock down of all OS systems.
-Constantly changing proxies
-PGP email with BES
-Cryptocard tokens
-Sophos Enterprise Protection, Encryption and Patch management
-Sophos mobile management
-Encrypted voice calls for mobile and a more secure alternative to 
Skype via Silent Circle.
-TrueCrypt on all drives - set to close without use after a 
specific time
-Easily controlled kill commands
-False and poison pill files
-Snort IDS
-Honeypots
-Tripwire
-Cisco Network Appliance
-No wifi
-Strong physical protection in a liberal country as regards human 
rights

I know there are many other factors, good training, constant 
monitoring, avoiding spearfishing, penetration testing, etc but if 
possible I would please like to keep the conversation on the 
network design and software.

Thanks guys.
-Anon