The US Government General Accounting Office
maintains a large repository of best practices for government agancies.
Many of these are also applicable to commercial organizations trying
to identify the best solution to their information security problems.
The Information Systems Audit and Control Association
maintains Control OBjectives for Information and related Technology.
This has become one of the most accepted sources in the world for
information security best practices.
The International Standards Organization publishes
standard 17799 (formerly British Standard 7799) for the management
of information technology.