For question 1, we use Active Directory permissions groups to assign access to folders in SSRS (in Folder Settings -> Security). For instance, the Accounting AD group has access to the Accounting folder where their reports are deployed. Access needs to be assigned to all folders all the way up; it wasn't enough to assign the Accounting group access to the Acct folder; they also needed access to the overarching Home folder as well.

For question 2, you can assign security to a report, but I don't know of a way to restrict access to only parts of a report. The only way I can think of is to have multiple versions of the report tailored to each user, and then give that user alone access to their version (not an optimal solution). Perhaps others will know better.