A job I recently landed had me configuring an ASA (a task I had never done before) and those books saved my ass
As far as best practice goes for ACLs, I've always found it easier to specify the traffic that you want to lock down first (server-to-server communications, ftp/ss/tftpldap/mysql/snmp/et) and then create a deny rule to lock it down, and then create some deny rules for traffic that you never want to pass (bittorrent/usenet). There are other features of the ASA that you should take time to learn as well, I could see the URL/Active X/Content filtering features being very handy in a school district, especially one that may not have the best security practices in place.
As an Amazon Associate, HardForum may earn from qualifying purchases.