While the book does have useful information, I'd also encourage people to read NIST publication 800-30 "Risk Management Guide for Information Technology Systems". I'd like it if the authors of "Threat Modeling" had learned a few things from that document -- it would have helped them improve their book and be more precise about the definitions of certain concepts.
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf or google for it: http://www.google.com/search?q=Risk+Management+Guide+800-30 - Jared
