Here is the problem with recommending other security plugins. I see some very good ideas that are implemented very poorly (even if it is only a small portion of the coding in a plugin and the rest of the code is fine). So for that reason I will not mention or recommend them. ;)
You should install a Login protection plugin.
You should install SI CAPTCHA Anti-Spam.
You should have a backup plugin installed for disaster recovery.
Like I said I see some really good ideas in other security plugins, but I am a coder so I always look at a plugin's code first. ;)