2 A New Look At Information Security
3 The Four Virtues of Security
4 The Eight Rules of Security
5 Developing a Higher Security Mind
6 Making Security Decisions
7 Know Thyself & Know Thy Enemy
8 Practical Security Assessments
9 The Security Staff
10 Modern Considerations
11 The Rules in Practice
12 Going Forward
A Tips on Keeping Up-to-date
B Ideas for Training
C Additional Recommended Audit Processes
The book itself is a bit dated (2003), and various parts show it (the Modern Considerations and Going Forward chapters), but the majority of the book narrows down to ideas and concepts that are practiced on a daily basis. The book should be read for chapters 3 and 4 alone. The four virtues and eight rules should resonate loud and clear: for any practitioner these are not new ideas, but there's a lot to be said for clarifying, simplifying, and breaking apart concepts used daily. For the newcomer, these virtues and rules truly dictate what should be internalized.
While a bit of Practical Security Assessments is a blatant selling of his company's software, it is still refreshing to see down-and-dirty, in-the-trenches suggestions on a potentially intimidating subject. The templates and suggestions put forth are truly a huge win for this book; they are actionable and can be shimmed between existing processes, allowing for very good insight into technology deployment.
I don't have a star scale to go by because I'm not a book reviewer, but I do recommend plowing through this in an evening or two. If anything, the refreshing content will give you a new perspective on how mature your organization is (or isn't).