Holistic InfoSec.org - Holistic InfoSec Dashboard

"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Gene Spafford, Ph.D., Purdue CERIAS


Holistic InfoSec Philosophy

Holistic - relating to or concerned with wholes or with complete systems rather than with the analysis of, treatment of, or dissection into parts.[1]

Infosec - The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.[2]

Information security and assurance must be viewed holistically. No one service takes precedence over, or requires less scrutiny than, any other. Servers, desktop PCs, network devices, web services, applications, code, policies and procedures: the list is endless, and a lapse or weakness in any one of them can lead to a critical compromise of any other. From running Nessus against servers for vulnerability testing, to running RAT against your routers, to patching your Windows XP PCs, to keeping policies current, all of these are important and all should be viewed with heightened awareness.

Therefore, the philosophy of Holistic InfoSec.org can be defined this way: a computing environment is the sum of many parts, a whole entity, and securing it demands viewing it as a whole entity. A weakness in just one aspect of that environment has the propensity to compromise the environment as a whole. Assess it as a whole, analyze it as a whole, protect it as a whole.