Here is a recent article on voice, VoIP, UC security. 50 recommendations. All good stuff and things that people should be thinking about, but again, the issues that continue to affect enterprises are toll fraud, TDoS, harassing calls, social engineering/fraud, voice SPAM, etc. The article mentions some of this at the end, but puts it under Session Border Control - the problem with this is that these issues affect enterprises whether they are using TDM or SIP on the perimeter, and SBCs, even if they do try to address application level attacks, can only do it for SIP.
PS, the term SPIT should be banned. SPIT or voice SPAM comes into an enterprise (or consumer) over whatever trunking they use. Its not unique to Internet Telephony/VoIP. VoIP is used to generate it, but it isn't usually delivered over VoIP at the target.