---
title: "CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)"
type: source
tags: [Security, CSPM, 3LoD, CTP, Cloud-Security]
date: 2026-04-14
---

## Source File
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md]]

## Summary
- 核心主题：三道防线（3LoD）框架与云安全态势管理（CSPM）
- 问题域：企业云安全组织架构与统一安全态势管理
- 方法/机制：3LoD 框架明确角色职责，CSPM 统一监控多云账户安全配置
- 结论/价值：通过 Cloud Guard 实现跨云账户的安全配置集中监控与合规评估

## Key Claims
- 三道防线模型经 ELT 审批通过，成为组织标准安全框架
- CSPM 解决多云环境安全割裂问题，提供单一视图
- Cloud Guard 在账户创建时自动接入，确保全面覆盖

## Key Quotes
> "The three lines of defense model was approved by ELT mid-year and serves as the organization's go-to model." — Coyote, Head of Enterprise Application Security

> "CSPM should consolidate misconfigurations from multiple cloud accounts into a single platform, provide compliance framework views (CIS, NIST, ISO), and allow custom policies." — 核心需求

## Key Concepts
- [[Three-Lines-of-Defense]]：三道防线框架，第一道为业务单元，第二道为集团办公室，第三道为审计
- [[Cloud-Security-Posture-Management]]：云安全态势管理，持续监控云资源配置合规性
- [[Cloud-Guard]]：选中 CSPM 解决方案，提供态势管理、资产管理、网络配置探索、事件管理、身份管理

## Key Entities
- [[Coyote]]：Head of Enterprise Application Security，三道防线框架与 CSPM 方案主讲人

## Connections
- [[Three-Lines-of-Defense]] ← depends_on ← [[Regulatory-Compliance]]
- [[Cloud-Security-Posture-Management]] ← implements ← [[Cloud-Guard]]
- [[Cloud-Guard]] ← monitors ← [[Multi-Account-Cloud-Environment]]
- [[CTP-Topic-52]] ← part_of ← [[Public-Cloud-Learning-Sessions]]

## Contradictions
- 无冲突记录