Improving Web Application Security: Threats and Countermeasures includes the following How Tos, each of which shows you the steps to complete a specific security task:
How To: Implement Patch Management
How To: Harden the TCP Stack
How To: Secure Your Developer Workstation
How To: Use IPSec for Filtering Ports and Authentication
How To: Use the Microsoft Baseline Security Analyzer
How To: Use IISLockdown.exe
How To: Use URLScan
How To: Create a Custom Encryption Permission
How To: Use Code Access Security Policy to Constrain an Assembly