Book Reviews

Inside the Security Mind

"Inside the Security Mind" is another enlightening book on information security. You will not find any technical details here, but instead a broad overview of security. With its lack of technical jargon and lines of sample code, this book is geared more to the management types than anyone else.

After reading this book you will have a large breadth of information security ideas and best practices. However, if you are looking for ways to harden your boxes right now, you would be better off with a more hands-on book such as "Real World Linux Security". Not that this is a bad thing, as this book gives much better coverage of topics such as policies.

A nice feature of this book is that, like all of the other security books, it lists different rules that one should follow. Mr. Day, however, goes on to illustrate practical applications of the rules. He realizes that security is only part of IT and that security must not only be the practice (and art) of securing information assets, but must also not be a burden on the users of the systems or the administrators running them.

The book is overall a great work, but the best part, at least for me, was the appendix on security training. The biggest security challenge professionals face is usually the end user, and this book provides an outline for giving 25-minute classes to the users. This may seem like a short class for such an important topic, but think about what your organization does now for security training.

The next appendix, on audit practices, is also very good. In small companies and home offices it is not practical to have outside security auditors; however, knowing how to conduct an audit yourself can be just as effective, as long as you don't need to worry about conflicts of interest. When doing an audit, even an informal one, it can be quite handy to have a checklist and to check items off as you are reviewing a system.