The plethora of advice out there - some of it conflicting - makes it easy for you to get bogged down in the details and fail to see the proverbial forest for the trees.
Looking for a framework that boils it all down into a few key tenets? Check out this article over on Gideon Rasmussen's blog. It's a great overview to get you started, or to summarize for top management.
10 Golden Rules of Information Security
by Gideon T. Rasmussen, CISSP, CISA, CISM, CIPP