When it comes to staying on top of security issues for SQL Server, there’s no resource that I’m aware of that compares to the website http://www.sqlsecurity.com. It’s really exceptional! "Chip's Blog” on the home page keeps you up to date with all the latest happenings as they relate to security and SQL Server. And the FAQs are extremely good.
My favorite feature of the site is the Lockdown script, among many other free tools and utilities. The Lockdown script is a sort of open-source Transact-SQL script that closes off all the known security holes in SQL Server. Of course, that can also shut down a lot of default functionality. So I never run the script “as-is.” However, it’s an excellent tutorial in setting security permissions within a SQL Server environment. The script is updated as new issues are found, so it’s worth checking back often.
I hope you find this useful. Remember, “There’s no patch for stupidity!” It’s up to you to make your SQL Server secure.