I've been thinking about doing this for a while. I admire Stephen Covey and his book The Seven Habits of Highly Effective People. I have seen the book being used to manage huge companies, and I think that the principles in the book are broad enough to be applied to pretty much anything, including Information Security.
I think that the 7 Habits are already built into "Best Practice" in most cases, but this should allow us insight into why we need to do what we already do.
Do I run a highly effective Information Security Plan? I like to think that I am working on it. I also think I won't ever finish, but going back to first principles is always a good idea.
I don't aim to rewrite the entire book; that would be pointless and quite illegal. I aim to use it merely as a guide.