I got an email on one of my lists this morning with the following:

After a year-long effort to conduct a thorough forensic analysis of Internet Information Services versions 4 through 6, I've recently released a 400-page e-book detailing my conclusions, findings, and security recommendations for administrators and programmers who work with IIS.
Here is the link to the zip file containing the E-Book: IIS Security and Programming Countermeasures

The zip contains a ton of graphics and the chapters as separate text files. The pictures are referenced in the text files, but don't show natively. I am not sure why the zip is packaged that way. It would probably work much better as a DOC or PDF with the graphics embedded or even as an HTML.

At any rate, I haven't read the 400 page doc yet so I can't attest to its accuracy or intelligence, but I thought I'd pass this on for any who may be interested.