The podcast idea mentioned in the previous post is a good one. I use my commuting time to learn all kinds of skills - business "soft" skills, certifications (Prep Logic audio series or my own creations), and IT podcasts.
Another way to understand best practices is to join a group such as a local 2600 club, ISACA meetings, and other professional and amateur gatherings. I also like reading magazines such as SC Magazine, Information Security, and other "trade rags" to keep me in the loop on developing trends. Perhaps the best way to understand information security "best practices" is to work in the industry. I learn the most about best practices by working with people who have more experience and are smarter than me. That way the pressure to learn more is constant - and I've been in IT for over 15 years. Although I am a senior level person working in a large Fortune 500 bank in the information security department, I learn something new about IS "best practices" every day.
Master's of Science in Information Security, CISSP, ITIL-Foundations
Working on: CEH