[ via Reza Alirezaei ]
Fellow MVP Reza Alirezaei has written a great article that provides a systematic approach to securing SharePoint applications. What I like about this article is that Reza includes a well-written section on how to apply Threat Model Analysis to determine the appropriate level of protection for a given application. Then he proceeds to lay out the different tools and coding techniques we have at our disposal to deal with the threat.
This is such an important topic that I highly recommend reading this article and then adding it to your offline collection to refer back to again and again. You can read the full article here:
http://www.microsoft.com/technet/community/columns/secmvp/sv0408.mspx