1. Configure systems, from the first day, with the most secure configuration that your business functionality will allow, and use automation to keep users from installing/uninstalling software.
2. Use automation to make sure systems maintain their secure configuration and remain fully patched with the latest version of the software (including keeping anti-virus software up to date).
3. Use proxies on your border network, configuring all client services (HTTP, HTTPS, FTP, DNS, etc.) so that they have to pass through the proxies to reach the Internet.
4. Protect sensitive data through encryption, data classification mapped against access control, and automated data leakage protection.
5. Use automated inoculation for awareness and provide penalties for those who do not follow the acceptable use policy.
6. Perform proper DMZ segmentation with firewalls.
7. Remove the security flaws in web applications by testing programmers' security knowledge and testing the software for flaws.
http://www.sans.org/top20/#n1