I am looking for some Security tips / cookbook

The easier of the two is around general security and user roles. I understand the concept(s), but I am looking for best practices people follow for Knack... specifically if I have three roles - Administrator CRUD, User for CRU, and a Reader for just U - does anyone know of any articles that really help define some tips and tricks for building out all of your pages and logins as applicable?

The more difficult one is up one level, and building a Menu by that user's Organization. Let's use CRM as an easy example and say I have Companies, Opportunities and Cases. I want Organization AAA to have only Companies and Opportunities, and Organization BBB to only have Companies and Cases. Any ideas on how to drive only those menu options by an Organization? ... Then throw in that the Organization may have roles of Admins, Users and Readers.

So any ideas on really great tips or cookbooks for how Security really works beyond just some basic KB articles? Thanks in advance for any response!!!