A useful article:
http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx
And this webcast:
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032263279&EventCategory=5&culture=en-us&CountryCode=US