The nonprofit organization Center for Internet Security (CIS) regularly releases security recommendations for operating systems and software.
Their CIS Apple macOS 10.13 Benchmark is for High Sierra, but most of the recommendations are relevant to Mojave as well. They categorize their recommendations into three categories, recognizing that some will negatively impact usability and perhaps aren’t necessary in most organizations either.
The benchmark has a neat list of shell commands to test your settings and change them. The best way to understand the recommendations is by flipping through them, reading the reasoning behind them and trying the commands.
Jamf has, in cooperation with CIS, created scripts to test and configure the recommendations. These were updated by Eirin McDonald in January 2019 for the latest set of recommendations, and can be found on the Jamf GitHub.
A good way to use these is by selecting the particular settings that work well and are relevant in your organization. Then make your own custom scripts and profiles, using what Jamf has supplied as a reference, implementing them in a targeted manner. Some are very useful as part of an initial configuration script.