10 Steps to Creating Your Own IT Security Audit
While information security does tend to have more technical elements than most aspects of NGO security (which can be a little intimidating to some people), the basics are grounded in common sense.
Here's a good article that lists 10 steps for performing your own IT security audit. It's fairly easy to read and and provides the fundamental questions to ask if you ever need to perform an IT-related security assessment. From doing computer security work for a number of years before becoming involved with the humanitarian community, I give the authors two thumbs up for covering most of the basics in a concise and easy to understand way.