Top 35

Australian DoD's top 35 mitigation strategies

I've written things like these in the past, in another professional context, and I could even replicate them here. But the weight would be different. The words could be similar, equivalent, they could even be the same, but the weight of an entity such as the Australian Department of Defence would always be – it is – greater.

To keep it simple, I'm just going to leave this recommendation for professionals working in the area of information security, whether in the context of IT and security departments or in the context of audit and consulting services: Download the following documents, print them, read them, use the first one as a poster, and use the other ones as guides for implementing the recommended controls. The docs are:

  1. Top 35 Mitigation Strategies;
  2. Implementing DSD's Top 4 in a Windows Environment; and
  3. Technical Information about the Top 35 Mitigation Strategies.

Finally, two things: (i) These references didn't appear here by osmosis; I found them in an article by Roger Halbheer, Microsoft's Worldwide Chief Security Advisor; and (ii) The Australian DoD site contains more interesting stuff; you should go there every once in a while: dsd.gov.au/infosec.

Public service, once again, that I believe can be useful.