Auto-sync: wiki-ingest 3 sources (2026-04-16)
@@ -10,7 +10,7 @@ tags:
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 21_ Supply Chain Security in Micro Focus.mp4"
|
||||
audio-source: ""
|
||||
status: summarized
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 21 Supply Chain Security in Micro Focus
|
||||
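Review bot: the new value `status: summarized (Gemini 摘要)` puts the summarizer's name inside the state field, so any query or script that matches `status: summarized` exactly will stop matching this note. Keep `status: summarized` and record the tool in a separate front-matter key.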
@@ -19,7 +19,7 @@ status: summarized
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
**Status:** ✅ 已完成(Gemini 摘要)
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ tags:
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 24_ Micro Focus Product Privacy Framework.mp4"
|
||||
audio-source: ""
|
||||
status: summarized
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 24 Micro Focus Product Privacy Framework
|
||||
@@ -20,7 +20,7 @@ status: summarized
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
**Status:** ✅ 已完成(Gemini 摘要)
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
---
|
||||
title: "CTP Topic 37 Secrets Certificates Management"
|
||||
title: CTP Topic 37 Secrets Certificates Management
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: "DevOps & SRE/07_Security"
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Secrets-Manager
|
||||
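Review bot: the quotes are dropped from `title` and `category` here, while other files in this same commit keep theirs (the Topic 21 `video-source` line and the GIS `title` line are still quoted). `category: DevOps & SRE/07_Security` still parses as a plain scalar, but the mixed style suggests two different serializers are writing the front matter. Pick one quoting rule and apply it to every note so later syncs do not produce quote-only diffs.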
@@ -10,9 +10,9 @@ tags:
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4"
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 37 Secrets Certificates Management
|
||||
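Review bot: the front-matter `status` goes from `raw` to `summarized (Gemini 摘要)` here, but the hunks for this file cover only old lines 1-8, 10-18 and 27-33, so nothing between lines 19 and 26 is touched. That is where the Topic 21 and Topic 24 notes carry their body `**Status:**` line, which this commit does update for them. If this note has the same line, it will still read "Awaiting Whisper transcription" next to a summarized front matter; update both in the same change.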
@@ -27,7 +27,16 @@ status: raw
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
> ## Secrets Management
|
||||
|
||||
This session covers secrets management, including the tools and methods for managing digital authentication credentials, secrets, passwords, keys, APIs, and tokens for application services, privileged accounts, and other sensitive parts of the IT ecosystem. The cloud transformation program requires standardization of secrets management as workloads move to the public cloud. In March 2022, CCLE was assigned to explore Micro Focus use cases and evaluate potential secrets management solutions.
|
||||
|
||||
The evaluation included AWS Secrets Manager, HashiCorp Vault, and Micro Focus PAM by CyberArk. AWS Secrets Manager is a managed service with built-in integration for AWS RDS, Redshift, and DynamoDB, supporting high availability and DR, with costs based on usage. HashiCorp Vault (Enterprise version) is self-hosted, cloud vendor agnostic, and supports on-demand dynamic secrets and embedded signing of certificates, with costs based on the number of users. Micro Focus PAM was found to require significant investment to be competitive and was not pursued due to a lack of investment plans.
|
||||
|
||||
*We've started a pilot with AWS Secrets Manager, which lasted 30 days.* The pilot phase included HashiCorp Vault and AWS Secrets Manager. The HashiCorp Vault pilot used the freeware version and found it lacking in enterprise capabilities like high availability and multi-tenancy. The AWS Secrets Manager pilot validated out-of-the-box features and identified missing features such as SSH key rotation and user integration password rotation. *AWS Secrets Manager is easy and simple to implement.*
|
||||
|
||||
AWS Secrets Manager was chosen as the secrets management solution for Micro Focus. The implementation phase involves removing clear text passwords and keys from CI/CD processes, starting with Control Tower. The process includes centralizing secrets in Secrets Manager, cleaning repositories, and automating secret retrieval. AWS manages secrets at the account level, which can reduce costs and increase security.
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
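Review bot: the new heading is written as `> ## Secrets Management`, so it inherits the blockquote marker of the placeholder line it replaces while the paragraphs after it are plain text. The heading will render as a quoted block detached from the summary body. Drop the `> ` prefix, and consider a level-3 heading since the text sits under `## 摘要`.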
@@ -0,0 +1,52 @@
|
||||
---
|
||||
title: CTP Topic 37 Secrets Certificates Management
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Secrets-Manager
|
||||
- Certificates
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# CTP Topic 37 Secrets Certificates Management
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 37_ Secrets _ Certificates Management.mp4`
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
|
||||
---
|
||||
|
||||
## 关键概念
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 行动项
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 相关视频
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
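Review bot: this new file carries the same `title` and `video-source` as the Topic 37 note updated in the preceding hunks, but with `status: raw` and the untouched template (`> 待转录后由 LLM 生成`, bare `-` list items). After this commit the wiki holds a summarized note and a raw stub for the same recording. Have the sync look up an existing note by `video-source` before creating a file, or drop this stub from the commit.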
File diff suppressed because it is too large
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: CTP Topic 49 Container Lifecycle Hardening Standards
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- Container
|
||||
- Security
|
||||
- Hardening
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# CTP Topic 49 Container Lifecycle Hardening Standards
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 49_ Container Lifecycle Hardening Standards.mp4`
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
|
||||
---
|
||||
|
||||
## 关键概念
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 行动项
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 相关视频
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
@@ -1,17 +1,17 @@
|
||||
---
|
||||
title: "CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)"
|
||||
title: CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: "DevOps & SRE/07_Security"
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- Security
|
||||
- CSPM
|
||||
- 3LoD
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4"
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)
|
||||
@@ -26,7 +26,20 @@ status: raw
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
> ## Three Lines of the Fence Framework and Cloud Security Posture Management
|
||||
|
||||
Coyote, Head of Enterprise Application Security, discussed the three lines of defense model and cloud security posture management. The three lines of defense model was approved by ELT mid-year and serves as the organization's go-to model.
|
||||
|
||||
The previous fragmented security models with multiple security teams and policies led to an audit that recommended a better framework for clear roles and responsibilities. The first line of defense is the business units, responsible for implementing and managing security controls in their areas. The second line is the group's office, responsible for policies, incident response, and cyber tooling, acting as advisors to the first line. The third line involves auditing to ensure the first and second lines are compliant, providing assurance to the business. *The key organization drivers are regulatory compliance, centralized platform, cloud migration, baseline controls, and greater security response coverage.*
|
||||
|
||||
Key organizational drivers include regulatory compliance, a centralized platform, cloud migration, baseline controls, and improved security response. Work streams implemented as a result include policy review and consolidation, incident response engagement, development of cybersecurity risk and control metrics, cybersecurity tools review, and security architecture standards and patterns. The cloud architecture pattern aims to be agnostic, reusable, and applicable across AWS, Azure, and GCP environments, developed with input from BU leads.
|
||||
|
||||
Cloud security posture management (CSPM) addresses siloed management and the lack of a central view of public cloud security posture, which led to incidents and prolonged response times. A CSPM should consolidate misconfigurations from multiple cloud accounts into a single platform, provide compliance framework views (CIS, NIST, ISO), and allow custom policies. Core features include discovery, monitoring, assessment, and protection. Cloud Guard was selected after a POC of two vendors.
|
||||
|
||||
Cloud Guard's core features include posture management, asset management, network configuration exploration, event management, identity management, and intelligence. *Cloud Guard provides the ability to assess the compliance of public cloud accounts.* It uses built-in and custom rule sets, manages assets in onboarded cloud environments, visualizes network policies, and offers in-depth views of security groups. The system also provides intelligence by ingesting cloud trail logs and applying rules to detect anomalies and potential issues.
|
||||
|
||||
New accounts are onboarded into Cloud Guard as part of the creation process, ensuring comprehensive coverage and application of relevant rulesets. The organization is working to improve prevention rates by enforcing rules and enhancing visibility, aiming to minimize the gap between deviations and corrections. The speaker also addressed questions about log aggregation, the decommissioning of CCYE guard rails, and how teams are adapting to alerts from the CSPM.
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
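Review bot: the summary heading reads "Three Lines of the Fence Framework" while the note's own title says "3 Lines of Defence", which points to speech-to-text errors passing into the summary unreviewed. The same hunk has "cloud trail logs", and it states the key organizational drivers twice: once as the italic quote closing the second paragraph and again as the opening sentence of the third. Give the generated text a proofreading pass against the title and tags before setting the status to summarized, and drop one of the two driver sentences.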
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- Security
|
||||
- CSPM
|
||||
- 3LoD
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4`
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
|
||||
---
|
||||
|
||||
## 关键概念
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 行动项
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 相关视频
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
@@ -1,17 +1,17 @@
|
||||
---
|
||||
title: "CTP Topic 55 AWS Firewall Manager"
|
||||
title: CTP Topic 55 AWS Firewall Manager
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: "DevOps & SRE/07_Security"
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Firewall-Manager
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4"
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 55 AWS Firewall Manager
|
||||
@@ -26,7 +26,29 @@ status: raw
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
> ## AWS Firewall Manager
|
||||
|
||||
AWS Firewall Manager is a management service to centrally configure firewall rules and security rules across accounts and applications within organizations. It provides a dashboard view of compliant and non-compliant resources, with options for auto-remediation. It offers features for WAF, network firewall, and AWS Shield, with a focus on managing security groups.
|
||||
|
||||
The primary reasons for adopting Firewall Manager in Grand Torque Landing Zone are to address the challenges of managing security policies across multiple landing zones (RLABS, R&D, SAS, CAT) with varying security requirements. Initially, LAPS Landing Zone used Checkpoint Firewall with wide-open security group rules. However, the production SAS Landing Zone, which serves external customers via public subnets, necessitated additional security rules to protect against traffic not scanned by Checkpoint. *We have gone through these policies and we come up with some baseline security groups.*
|
||||
|
||||
The rollout process involves creating security group policies in the Firewall Manager account, specifying the target accounts or OUs, and applying the baseline security groups to existing and new instances. This approach centralizes management, reduces the time spent rolling out security policies, and addresses issues related to shared services like QALIS, which scans instances in product accounts. Firewall Manager uses AWS Config and Lambda to trigger events and enforce policies.
|
||||
|
||||
There are three types of firewall security policies:
|
||||
* **Common security groups:** Attaches baseline security groups while allowing product teams to add their own.
|
||||
* **Audit and enforcement security group rules:** Denies over-permissive rules, offering options for manual action or auto-remediation.
|
||||
* A third type cleans up unused redundant security groups.
|
||||
|
||||
Prerequisites for setting up Firewall Manager include administrator access within the OU and AWS Config enabled in all accounts. Security groups are created in specific VPCs and regions, and prefix lists are used to easily share and update rules across accounts using RAM (Resource Access Manager). *RAM is like it's a tool available within this AWS where you can specify or you can share your AWS resources to any other account that you wanted to specify.*
|
||||
|
||||
The Firewall Manager account is separate and not tied to any specific landing zone, enabling cross-landing zone deployment. A pipeline, such as the Atlantis server in the digital factory landing zone, is used to deploy changes to the Firewall Manager. The service manages security policies and can be used across different landing zones. The prefix list facilitates sharing security group rules.
|
||||
|
||||
For SAS landing zone accounts, all security groups will be applied as baseline security groups. Two security groups will be created in the policy: one for common shared prefix lists and another for allowing shared account CIDR to reach instances. Before rollout, product teams will be engaged to address any concerns.
|
||||
|
||||
Firewall Manager can also manage WAF rules, allowing for baseline rules to be rolled out from the Firewall Manager while letting product teams add additional rule sets.
|
||||
|
||||
A demo was conducted to show the creation of a common security group policy via Terraform and TerraGrant code, demonstrating how it attaches to EC2 instances automatically. The demo involved creating a security policy in the Firewall Manager account and associating it with a playground production account. The policy included a rule allowing SSH traffic. The security group was automatically attached to an existing EC2 server in the playground account. A new EC2 instance was created, and the security group was automatically attached to it as well. Deleting the policy in the Firewall Manager account automatically removed the security group from the instances.
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
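Review bot: the demo paragraph records the common security group policy as including "a rule allowing SSH traffic" that is attached automatically to existing and new EC2 instances, without saying which source range the rule allows. Read on its own, that could be taken as the baseline the earlier paragraphs describe. State the source (the shared prefix list or a specific CIDR) if the recording gives it, or mark the rule as demo-only. Separately, the third bullet in the policy-type list has no bold name, unlike the first two.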
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: CTP Topic 55 AWS Firewall Manager
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Firewall-Manager
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# CTP Topic 55 AWS Firewall Manager
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 55_ AWS Firewall Manager.mp4`
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
|
||||
---
|
||||
|
||||
## 关键概念
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 行动项
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 相关视频
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
@@ -1,17 +1,17 @@
|
||||
---
|
||||
title: "CTP Topic 62 AWS Secrets Manager"
|
||||
title: CTP Topic 62 AWS Secrets Manager
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: "DevOps & SRE/07_Security"
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Secrets-Manager
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4"
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# CTP Topic 62 AWS Secrets Manager
|
||||
@@ -26,7 +26,20 @@ status: raw
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
> ## AWS Secrets Manager
|
||||
|
||||
This session is a follow-up to a session held in July of the previous year. The presenters are Nurit and Daniel. The session covers a summary of the previous learning session, introduces the AWS Secrets Management Standard document, shares implementation opportunities, and provides GitHub links.
|
||||
|
||||
The previous session covered the journey of choosing a secrets management platform, with a POC phase for both HashiCorp Vault and AWS Secrets Manager. AWS Secrets Manager was chosen as the more cost-effective solution. *AWS Secrets Manager is easy and simple to implement.* Missing features can be developed in multiple languages. The next steps included removing clear text passwords and keys from the CI/CD process of Control Tower, sharing code and documentation, and providing an AWS Secrets Management standard document for managing Secrets.
|
||||
|
||||
The standard document started as a best practices document and became the standard document for Secrets Management in public cloud. It is based on the implementation done with Control Tower and is aligned with general best practices. The document covers how to use AWS Secrets Manager correctly, with a phased approach: centralize the Secrets, adjust automations to retrieve the Secrets, and then start with secret rotation. *With that idea, developers actually do not need to have direct access to their Secrets.* The document also outlines the advantages and drawbacks of using AWS Secrets Manager, including cost information, and provides recommendations for Lambda usage and opportunities for custom Secrets management solutions.
|
||||
|
||||
Implementation opportunities include improving Control Tower stacks, Oracle DB user password rotation for Control Tower Dev Database, and a POC for a centralized mail service to support send grid key rotation without application restart. The phase approach involves centralizing secrets, automating retrieval, and rotation. Daniel provides a deep understanding of how those opportunities were implemented. Centralizing and working with microservices helps with physical improvement, false isolation, program and language agnostic development, easier deployment, visibility, faster time to market, and the ability to experiment.
|
||||
|
||||
The Control Tower stacks were redesigned to centralize parameters and secrets, ensuring that all stacks use the same secret. The database team collaborated to improve password rotation, removing the need to send passwords via email. The new system grants access to the secret by roles through AWS credentials. The solution uses a Lambda function to connect to the Oracle instance and perform the rotation. The centralized email service of Sendgrid aims to solve the problem of multiple teams needing to rotate the Sendgrid API, which often requires code changes and application restarts. The proposed solution centralizes the SMTP service and rotation, offering the service to all teams. The solution involves rotating keys for Sangrid, with the ability to auto-rotate keys or escalate permissions. The SMTP service solution provides the SMTP server on port 1025, allowing accounts to consume the service without being aware of the backend.
|
||||
|
||||
Victor demoed logging into an Oracle database without knowing the password, using a JDBC wrapper and AWS SDK to retrieve secrets from Secrets Manager. The username is controlled by the role and access. Secrets can be tagged for classification and access control. AWS Secrets Manager does not require clients, unlike HashiCorp Vault.
|
||||
|
||||
|
||||
---
|
||||
|
||||
|
||||
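Review bot: the first paragraph describes this as "a follow-up to a session held in July of the previous year" and the second paragraph recaps that session, but nothing in the hunk names or links it. The recap (HashiCorp Vault versus AWS Secrets Manager POC, Control Tower clean-up) matches the Topic 37 summary added in this same commit. Add an explicit link to that note and replace the relative date with the session's topic number. The vendor is also spelled three ways in this hunk ("send grid", "Sendgrid", "Sangrid"); use one spelling so the note is searchable.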
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: CTP Topic 62 AWS Secrets Manager
|
||||
type: cloud-learning
|
||||
source-type: video
|
||||
category: DevOps & SRE/07_Security
|
||||
tags:
|
||||
- AWS
|
||||
- Secrets-Manager
|
||||
- Security
|
||||
- CTP
|
||||
date-added: 2026-04-14
|
||||
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# CTP Topic 62 AWS Secrets Manager
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 62_ AWS Secrets Manager.mp4`
|
||||
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
|
||||
---
|
||||
|
||||
## 关键概念
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 行动项
|
||||
|
||||
-
|
||||
|
||||
---
|
||||
|
||||
## 相关视频
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
@@ -10,7 +10,7 @@ tags:
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4"
|
||||
audio-source: ""
|
||||
status: raw
|
||||
status: summarized (Gemini 摘要)
|
||||
---
|
||||
|
||||
# Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording
|
||||
@@ -23,28 +23,29 @@ status: raw
|
||||
|
||||
---
|
||||
|
||||
## 摘要
|
||||
## GIS Security Policies
|
||||
|
||||
> 待转录后由 LLM 生成
|
||||
The public Cloud Learning session on GIS security policies was presented by Mike and Ed from the Global Information Security Team (GIS). The session covered an overview of the teams in GIS and security policies.
|
||||
|
||||
---
|
||||
GIS is a pillared organization with classic security elements. Key teams include:
|
||||
|
||||
## 关键概念
|
||||
* Security Operations: Keeps the lights on and provides reassurance when issues arise.
|
||||
* Compliance: Facilitates certifications and ensures adherence to policies.
|
||||
* Governance, Risk, and Validation: Manages risk, oversees admin roles, and conducts quarterly reviews.
|
||||
* Privacy Group: A recent addition, still being integrated into the organization.
|
||||
|
||||
-
|
||||
Open Text uses a layered approach to security, collaborating with various teams to define *what* needs to be done, while working with other teams to determine *how*. The organization has a large compliance offering, certified across multiple industries and government entities. Certifications like FedRAMP enable sales into various verticals.
|
||||
|
||||
---
|
||||
To prove its claims, Open Text conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier. Red teaming exercises are also performed to evaluate the organization without prior knowledge. Advanced threat assessments and internal/third-party pen testing are regularly conducted. Customer audits are performed, sometimes leading to remediation activities.
|
||||
|
||||
## 行动项
|
||||
Tool components are used proactively to monitor environments, along with detection and threat hunting combined with threat intelligence and pen testing. The organization has a large SIM implementation, processing 225 billion log rugs monthly, triaging around 350 cases a month. Open Text leverages its own tools like BrightCloud as a feed into threat intelligence.
|
||||
|
||||
-
|
||||
Open Text's posture framework is based on ISO 27001, recently updated in 2022 with 11 new control aspects. The organization has a supporting library for its Global Information Security Policy (GISP), reviewed quarterly with leadership. Awareness of security is raised through communications and campaigns, focusing on continuous improvement and awareness.
|
||||
|
||||
---
|
||||
The overarching policy is the Global Information Security Policy, supported by various policies. Policies define *what* needs to be done, while providing flexibility for *how* it is implemented. Feedback is encouraged for continuous improvement.
|
||||
|
||||
## 相关视频
|
||||
A security awareness program includes monthly communications and fishing exercises. The focus is on how many people report suspicious activity. A team works with sales and legal to review customer requests, handling opportunities worth over $100 million a month. They also work on contractual wording to ensure realistic commitments. Presentations are given to customers to reassure them about Open Text's security maturity.
|
||||
|
||||
> 配对视频笔记链接(生成后填入)
|
||||
The speaker views policies as foundational elements, with operations, tools, and processes built on that framework. The GIS budget and procurement process is managed, along with M&A due diligence. An AI knowledge tool is being developed to provide easy access to policy information and customer responses. A risk organization is being overseen by the compliance area. A GIS Validations team performs access management and reviews. A privacy operations team is being integrated into governance and compliance areas. A business continuity team ensures awareness of global events that could impact Open Text employees.
|
||||
|
||||
---
|
||||
|
||||
*最后更新: 2026-04-14*
|
||||
The main services of the operations team include Cyber Response Center, Security Assurance, Threat Intelligence, Cloud Security, and Security Tools and Engineering. The compliance organization focuses on compliance program management, security roadmap, product risk assessments, continuous compliance and audit delivery, enablement and automation, and program delivery for federal authorizations.
|
||||
|
||||
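Review bot: in this hunk the template lines (`## 关键概念`, `## 行动项`, `## 相关视频`, the `---` rules and the `*最后更新*` footer) appear interleaved with the new summary paragraphs, and `## 摘要` sits next to a new `## GIS Security Policies` heading. That suggests the summary overwrote the whole template instead of filling the `## 摘要` section as the other notes in this commit do. Keep the section skeleton and insert the summary under `## 摘要`. The text also contains "SIM implementation", "log rugs" and "fishing exercises", which look like transcription errors and should be checked against the recording.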
@@ -1,24 +1,23 @@
|
||||
---
|
||||
title: "Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015 160257"
|
||||
title: "Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording"
|
||||
type: cloud-learning
|
||||
source-type: pptx
|
||||
source-type: video
|
||||
category: "DevOps & SRE/07_Security"
|
||||
tags:
|
||||
- OpenText
|
||||
- Security-Policies
|
||||
- GIS
|
||||
- Presentation
|
||||
date-added: 2026-04-14
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015_160257.pptx"
|
||||
video-source: "nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4"
|
||||
audio-source: ""
|
||||
status: raw
|
||||
---
|
||||
|
||||
# Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015 160257
|
||||
# Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording
|
||||
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies important information - 20241015_160257.pptx`
|
||||
**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4`
|
||||
|
||||
**Type:** PPTX | **Category:** 07_Security
|
||||
**Type:** VIDEO | **Category:** 07_Security
|
||||
|
||||
**Status:** 🟡 Awaiting Whisper transcription → Summary
|
||||
|
||||
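Review bot: this hunk rewrites the PPTX note so that its `title`, `video-source`, heading and `**Source:**` line all point at the `-Meeting Recording.mp4` file, which is the same recording the note in the earlier GIS hunks already describes. The reference to the `.pptx` source is lost, and the wiki is left with two notes for one video, this one still `status: raw`. The `Presentation` tag and the `video-source` key also no longer fit. If the slide deck is a separate source, keep this note pointing at it with `source-type: pptx`; if it is not, delete the note rather than converting it into a duplicate.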