A useful article:

http://msdn.microsoft.com/msdnmag/issues/05/06/SQLServerSecurity/default.aspx

And this webcast:

http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032263279&EventCategory=5&culture=en-us&CountryCode=US