IBM Center for the Business of Government, A Best Practices Guide to Information Security (Mar. 28, 2011) (full-text).
The authors first describe the most common problems related to front-line information security, and then provide solutions to each of these problems. This report can be used to evaluate an established program, or to set up a new one. These solutions alone will clearly not stop every threat facing organizations in the information security arena, but they go a long way in closing gaps over which organizations actually have some control. Significant results can be achieved at little or no cost, and can reduce security "noise" so that security professionals can focus on the larger and more dangerous threats that remain.