Here’s a new piece I wrote where I talk about one of the root causes of SQL Server security issues:
The ultimate SQL Server security faux pas: Overlooked systems
…along with some additional oversights:
Common oversights with SQL Server audits
…and, to top things off, some things you can do to lock down your database environment (SQL Server or not):
Meet compliance requirements with improved database security practices