I actually am the IT sysadmin in charge of network security for a county network. My feeling is that each department head should set policies on how employees may "browse" the web. My only concern is blocking malware from suspect sites from infecting computers. I do not want to be a "net-nanny" as it is a total waste of time and current filters are far too general in blocking. My approach is to secure workstations by rights permissions and leave the browsing open, if department heads want to set policies on browsing that is thier right, and I will give them records, but beyond that I try to stay out of it. Our libraries do have to be filtered per State law, but it is vague on what has to be filtered so I set it for the obvious porn and leave it at that.