The Calculus Crossroads of Policy Pyramid
April 3, 2023
An exploration of an unconventional approach to understanding and managing information security frameworks. By drawing parallels between the Policy Pyramid and the mathematical concepts of derivatives and integrals, a novel framework is proposed for analyzing the interrelationships between different layers of the security hierarchy. The blog introduces a modified Policy Pyramid incorporating claims, guidelines, and configurations, and demonstrates how applying calculus-inspired principles of derivation and integration can enhance the development and management of security policies, processes, and standards. The ultimate goal is to create a more comprehensive and effective approach to IT security management.
Factorial Separation of Duties for Modern AppSec Compliance
March 21, 2023
An exploration of the concept of Factorial Separation of Duties (SoD) as a means to enhance security and efficiency in modern application development pipelines. By breaking down high-risk activities into smaller, manageable components, organizations can implement targeted security controls and reduce the likelihood of errors or breaches. The blog draws on a compelling analogy to mountain climbing to highlight the importance of careful planning, collaboration, and risk mitigation in achieving project success. It emphasizes the role of Factorial SoD in enabling effective collaboration between product managers, development, security, and operations teams, ultimately leading to faster and more secure software delivery.