Before discussing the general philosophy governing the practice of security, it behooves the reader to understand just what word means. I know that when I set about to interview some practitioners, the reaction was pretty much the same from all; that is, first a double-take, then a perplexed expression. You could see a quick gathering of thought as to how a philosophy would be expressed, and even "what was I asking?".
Webster's Ninth New Collegiate Dictionary provides a variety of definitions, the most practical of which, for our purposes, would be 1)the analysis of the grounds of and concepts expressing fundamental beliefs, and 2)the most general beliefs, concepts, and attitudes of an individual or group. Philosophy is also defined as the pursuit of wisdom, as well as a discipline comprising as its core logic, aesthetics, ethics, metaphysics, and epistemology. Except for aesthetics and metaphysics, logic, ethics, and epistemology are generally accepted definitions within the industry, whether or not the acceptance is intentional.
Security practitioners are always discussing philosophy. Association committees on ethical standards, seminars and task forces on standards, the various ways organizations conduct, business - all of these indicate a search for a particular philosophy. Therefore it is important to try to determine if there is a given industry philosophy, and just as importantly, how does that philosophy segue with your company's own philosophy of security management.