I am constantly searching for best practices and security checklists on the internet for Microsoft SQL Server. One day I came across a gem, a godsend of sort; Department Of Defense Generic Database Security Checklist. It applies to SQL Server, Oracle, DB2 and any other RDMS. If this checklist is good enough for DOD, I would think it would apply to my databases as well, no? This security checklist along with other security checklists ranging from Active Directory, Network Security, Apache Server, Linux, VMWare and even Mainframe can be found at http://iase.disa.mil/stigs/stig/index.html. You may also subscribe to their mailing list and receive notifications when a new checklist is available http://iase.disa.mil/help/mailing-list.html.