provides hundreds of articies on IT security, risk, and audit. http://www.ffiec.gov/ffiecinfobase/index.html
is an information warehouse for the US banking regulators. There are several booklets on IT audit, information security, etc., as well as links to over a hundred regulatory issuances (OCC bulletins, FDIC's Financial Institution Letters, etc.) http://www.sans.org/index.php
. This is SANS' web site. Excerpt from their web site - "SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center." http://csrc.nist.gov/publications/nistpubs/index.html
. This is NIST's (National Institute of Standards an Technology) web site. They have numerous detailed publications / standards on IT risk and security.
Feel free to email me at firstname.lastname@example.org
if you need further references.