1. SSL across the board – entire site SSL
2. Have ISA do SSL termination and HTTP from ISA to MOSS
3. Split up content into Secure and Non-Secure and have individual host headers for each.
Last one is MS recommended approach per:
We do not recommend reusing the same IIS Web site for your HTTP and SSL hosting. Instead, extend a dedicated HTTP and a dedicated SSL Web site, each assigned to its own alternate access mapping zone and URLs.