avocets
A cookbook for how to do incident handling and policies and practices necessary.  Suggested that this is a good place to start.

From the website:

OCTAVE is self-directed. A small team of people from the operational (or business) units and the IT department work together to address the security needs of the organization. The team draws on the knowledge of many employees to define the current state of security, identify risks to critical assets, and set a security strategy. 

Notes on how to secure Apache servers
tagged apache security system_management by winkler4 ...on 27-SEP-06
Review of a survey to Campus IT leaders on trends facing Universities.  Interesting that security & identity mgmt is highest on the list.  Also reviews other surveys from other publications such as the Chronicle, Gartner, and CIO...
tagged security strategic_planning by winkler4 ...on 08-MAY-06

Lets you create a DBI connection with parameters stored in a .ini style file. The password is stored encrypted.

This module is similar to DBIx::Password. The differences are that DBI connection parameters aren't stored as part of the module source code (but in an external .ini style file), and that this module allows only one virtual user (i.e. one connection) per .ini file.

Like , this is a subclass of DBI, so you may call DBI function objects using DBIx::PasswordIniFile objects.

tagged dbi security by winkler4 ...on 25-JAN-06
Don't you hate keeping track of database passwords and such throughout your scripts? How about the problem of changing those passwords on a mass scale? This module is one possible solution. When you go to build this module it will ask you to create virtual users. For each user you need to specify the database module to use, the database connect string, the username and the password. You will be prompted to give a name to this virtual user. You can add as many as you like.
tagged dbi security by winkler4 ...on 23-JAN-06
SANS has received permission to provide sanitized security policies from a large organization. These policies were developed by a group of experienced security professionals with more than 80 years of combined experience in government and commercial organizations, and each policy went through a vigorous approval process. They should form a good starting point if you need one of these policies.

Some tips about these policies. Anything that is in <angle brackets> should be replaced with the appropriate name from your organization. The term “InfoSec” is used throughout these documents to refer to the team of people responsible for network and information security. Replace with the appropriate group name from your organization. Any policy name that is in italics is a reference to a policy that is also available on this site.
tagged password policy security templates by winkler4 ...on 17-JAN-06
Review of common thinking in security.  Takes the stand that security is planned.  Prevention is only necessary on un-planned for security applications and hosts.  May be useful as we move through security implementation.
tagged management security by winkler4 ...on 11-SEP-05
SANS is a better site, but this points to some good password generators.
tagged password security by winkler4 ...on 02-AUG-05