The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to
the categories of actions and investments that contribute to cyber security. The five
categories in the scale are Architecture, Passive Defense, Active Defense, Intelligence,
and Offense. The continuum between the five categories helps visualize that not all
actions are static or easily defined. Understanding these interconnected categories that
contribute to cyber security helps individuals and organizations better understand the
purpose and impacts of their resource investments, establish a maturity model for their
security program, and break down cyber attacks to identify root cause analysis in a way
that encourages growth by defenders over time. The understanding of each phase helps
individuals and organizations understand that categories on the left hand side of the
scale build the appropriate foundation that make the other actions of the scale more
obtainable, useful, and less resource intensive. The goal should be to invest resources
starting on the left hand side of the scale and address those issues to achieve a proper
return on investment before allocating significant resources to the other categories.
This approach recognizes the increasing cost of success to adversaries facing properly
prepared organizations and empowers defenders to engage security in a manner that
evolves over time.
Read the paper at SANS Institute.