Scott Culp's 10 Immutable Laws of Security

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore

Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more

Law #5: Weak passwords trump strong security

Law #6: A computer is only as secure as the administrator is trustworthy

Law #7: Encrypted data is only as secure as the decryption key

Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

Law #9: Absolute anonymity isn't practical, in real life or on the Web

Law #10: Technology is not a panacea

ref :

10 Immutable Laws of Security -

http://technet.microsoft.com/en-us/library/cc722487.aspx

Steve Lamb's Blog -

http://blogs.technet.com/steve_lamb/archive/2005/01/04/346400.aspx

5-Minute Security Advisor -

http://technet.microsoft.com/en-us/library/dd310373.aspx

Technet Security Articles -

http://technet.microsoft.com/en-us/library/dd310372.aspx