The Crossroads of Calculus and Policy Pyramid
We (the collective “we”) should have an integrated view of the various components of the Policy Pyramid in order to create a comprehensive framework for IT management.
So what can we take from mathematics to develop a better understanding of the interrelationships between the layers represented via the Policy Pyramid?
Calculus’ derivatives and integrals provide a crossroads of mathematics and cybersecurity that allows for the development of new solutions and perspectives on the challenges of information security. Derivatives and integrals are the two main concepts of calculus. Let’s focus on these two concepts and how they relate to the Policy Pyramid, and take the following quote into consideration:
“A framework is a construct to formulate theories.” Carroll, Sean M. The Biggest Ideas in the Universe: Space, Time, and Motion. Dutton. September 20, 2022.
How do derivatives and integrals help us?
Let’s assemble a framework with the Policy Pyramid and derivatives and integrals. There are 6 orders, or levels, of derivatives. Starting with the 0th order derivative, we have the function itself. Let’s use position as the 0th order. The 1st order derivative would then be velocity, the 2nd order derivative would be acceleration, the 3rd order derivative would be jerk, the 4th order derivative would be snap, the 5th order derivative would be crackle, and the 6th order derivative would be pop.
This gives us 7 levels, using physics as our analogy.
Calculus |
---|
Movement |
Pop |
Crackle |
Snap |
Jerk |
Acceleration |
Velocity |
Position |
It’s not important to understand the physics of the derivatives, or the calculus, but it is important to understand the concept that derivatives and integrals are giving us. We can use derivation between layers of the Policy Pyramid as we move from the bottom to the top. We can use integration between layers of the Policy Pyramid as we move from the top to the bottom.
Let’s revisit the Policy Pyramid to work on understanding how we can use derivatives and integrals to help us.
The Policy Pyramid
The Policy Pyramid is a common information security concept within medium to enterprise-sized organizations. What can we take from mathematics to develop a better understanding of the interrelationships between concepts, relationships, and dependencies represented via the Policy Pyramid?
Note to reader: There are many pyramids out there, with or without a policy layer, that are simply called a policy pyramid. The pyramid we will be using here has many components in common with other pyramids but has been customized to fit the needs of the author. The pyramid is absolutely a great way to frame up the information security program and ways to handle ongoing challenges. Feel free to use it; I have found it to be a great tool for communicating with the business leaders.
The pyramid works well, but let’s go with the following pyramid for our working model (or framework). This pyramid model has been expanded to bring in additional , so we have layers of policy, process, standard and procedure. We can formulate theories and test them against this model.
Putting it All Together
Using our framing of calculus for the pyramid, we can then apply derivatives or derivation. We derive information for higher layers from lower layers. This means we integrate higher layer content into lower layers.
Ask yourself what you can derive from lower layers, and what you can integrate from higher layers. Also have a bit of fun with the fantastic naming of physics derivatives inspired by eating Rice Krispies. :)
Claim Pyramid | Calculus Orders |
---|---|
Claim | Pop |
Guideline | Crackle |
Policy | Snap |
Process | Jerk |
Standard | Acceleration |
Procedure | Velocity |
Configuration | Position |
Let’s leave it here for today. Derive from below, integrate from above.
We’ll pick up here in our next session.
The Phenom Security Group