APRIL 3, 2023

The Calculus Crossroads of Policy Pyramid

An unconventional approach to understanding and managing information security frameworks by drawing parallels between mathematical concepts and policy structures.

We (the collective “we”) should have an integrated view of the various components of the Policy Pyramid in order to create a comprehensive framework for IT management.

So what can we take from mathematics to develop a better understanding of the interrelationships between the layers represented via the Policy Pyramid?

Calculus' derivatives and integrals provide a crossroads of mathematics and cybersecurity that allows for the development of new solutions and perspectives on the challenges of information security. Derivatives and integrals are the two main concepts of calculus.

“A framework is a construct to formulate theories.” - Carroll, Sean M. The Biggest Ideas in the Universe: Space, Time, and Motion. Dutton. September 20, 2022.

How do derivatives and integrals help us?

Let's assemble a framework with the Policy Pyramid and derivatives and integrals. There are 6 orders, or levels, of derivatives. Starting with the 0th order derivative, we have the function itself. Let's use position as the 0th order.

The 1st order derivative would then be velocity, the 2nd order derivative would be acceleration, the 3rd order derivative would be jerk, the 4th order derivative would be snap, the 5th order derivative would be crackle, and the 6th order derivative would be pop.

Calculus Orders (Physics Analogy)

Movement: 7th Order
Pop: 6th Order
Crackle: 5th Order
Snap: 4th Order
Jerk: 3rd Order
Acceleration: 2nd Order
Velocity: 1st Order
Position: 0th Order

The Policy Pyramid

The Policy Pyramid is a common information security concept within medium to enterprise-sized organizations. What can we take from mathematics to develop a better understanding of the interrelationships between concepts, relationships, and dependencies represented via the Policy Pyramid?

Traditional Policy Pyramid showing the hierarchy of policies, processes, standards, and procedures

Note: There are many pyramids out there, with or without a policy layer, that are simply called a policy pyramid. The pyramid we will be using here shares many components with other pyramids but has been customized to fit the needs of the author.

The pyramid works well, but let's go with the following pyramid for our working model (or framework). This pyramid model has been expanded to bring in additional layers, so we have layers of policy, process, standard and procedure.

Enhanced Claim Pyramid with seven layers mapped to calculus derivatives, showing the relationship between organizational layers and mathematical concepts

Putting it All Together

Using our framing of calculus for the pyramid, we can then apply derivatives or derivation. We derive information for higher layers from lower layers. This means we integrate higher layer content into lower layers.

Ask yourself what you can derive from lower layers, and what you can integrate from higher layers. Also have a bit of fun with the fantastic naming of physics derivatives inspired by eating Rice Krispies. :)

Claim Pyramid ↔ Calculus Orders

Claim ↔ Pop
Guideline ↔ Crackle
Policy ↔ Snap
Process ↔ Jerk
Standard ↔ Acceleration
Procedure ↔ Velocity
Configuration ↔ Position

Derive from below, integrate from above.

We'll pick up here in our next session.

- The Phenom Security Group
