I thought everyone should take a look at this quick Micrsoft IIS 7.5 Best Practices article, it talks a little bit about security but mostly just what not to leave on was default. If you have any other sites or information you want to share, please comment!
http://adminspeak.wordpress.com/tag/iis-7-5-best-practices/