I read this book from cover-to-cover so as not to miss any 'pearls of wisdom' that David has to share with his readers. One could just as naturally use this as a reference book.
Most information security books have a couple of chapters on people and information security, e.g. awareness/training, etc. Do not be deceived into thinking this book is just about 'educating' people about security, although clearly this is covered.
David effectivley turns upsidedown the subject of information security and talks about it in the organisational context that is driven by people. He pulls in organisational dynamics, cultures, politics, everything that can influence your effectiveness in any information security management role/project that you are involved in or driving. He places information security in a full context, i.e. the macro environment.
This book is not written in a theoretical style. It is written as though David Lacey is speaking with you direct, he writes as he speaks. This makes it easy to read.
I recommend this book to all professionals that practice information security management and even managers that are interested in the subject. It will stretch your mind, and answer many questions that you may have never thought to question or ask.