Thanks Marco for pointing out HP's Security Handbook. It's a guide for securing an enterprise with a focus on identity management, proactive security management, and trusted infrastructures.
One section worth pointing out is in Chapter 1 on Governance where they define the differences between corporate governance, security governance and IT governance. I find that people often use these interchangeably or confuse the regulation-of or solution-for one with another.
I also like the section later in this chapter which suggests a move to continuous, real-time assurance or continuous compliance -- what I (and others) have previously referred to as creating a culture of compliance. Identity Management gets an entire chapter. And there's a glossary and appendices that cover topics such as IPsec-over-L2TP, placement of a reverse proxy server, and the difference between TACACS+ and DIAMETER. Good Stuff.