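---
title: "Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015"
type: source
tags:
  - OpenText
  - Security-Policies
  - GIS
date: 2026-04-14
---

## Source File

- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md]]

## Summary

- Core topic: a panoramic overview of the security policies of OpenText's Global Information Security (GIS) team
- Problem domain: enterprise-level security governance and compliance framework design
- Method/mechanism: layered, hierarchical security organization + ISO 27001 posture framework + third-party penetration testing + security awareness training
- Conclusion/value: policies are the cornerstone of the infrastructure; operations, tools, and processes are all built on this framework

## Key Claims

- OpenText takes a layered approach to defining security policy: it works with each team to define "what to do" and with the implementing teams to determine "how to do it"
- OpenText holds FedRAMP and several other industry and government certifications, which allows it to sell into multiple vertical markets
- OpenText undergoes third-party testing every year (tabletop exercises + red team exercises) and consistently places in the top tier
- 225 billion log entries are processed per month, and about 350 cases are triaged per month
- The Global Information Security Policy (GISP) is the top-level governing policy and is reviewed quarterly

## Key Quotes

> "Policies are foundational elements, with operations, tools, and processes built on that framework." — Mike & Ed, GIS Team

> "The focus is on how many people report suspicious activity." — GIS Security Awareness Program

> "Policies define what needs to be done, while providing flexibility for how it is implemented." — GIS Policy Framework

## Key Concepts

- [[Global Information Security Policy (GISP)]]: top-level governing policy, reviewed quarterly
- [[ISO-27001]]: basis of the posture framework; updated in 2022, adding 11 control areas
- [[Security-Awareness-Training]]: monthly security newsletter + phishing exercises
- [[Third-Party-Penetration-Testing]]: annual tabletop exercise + red team exercise
- [[Threat-Intelligence]]: threat intelligence program that incorporates tools such as BrightCloud
- [[FedRAMP]]: government-grade cloud security certification

## Key Entities

- [[Mike]]: Global Information Security Team, presenter
- [[Ed]]: Global Information Security Team, presenter
- [[OpenText]]: the enterprise, author of the security policies
- [[BrightCloud]]: OpenText's own threat intelligence tool

## Connections

- [[CTP-Topic-21-Supply-Chain-Security-in-Micro-Focus]] ← related_to ← [[GIS-Security-Policies]] (supply chain security also falls within security governance)
- [[CTP-Topic-52-3-Lines-of-Defence]] ← extends ← [[GIS-Security-Policies]] (the three lines of defence framework closely matches the GIS layered organization)

## Contradictions

- The perspective here complements rather than conflicts with [[CTP-Topic-10-AWS-Landing-Zone-LZ-Data-Collection-Tagging-Related-Security]]:
  - Point of conflict: both deal with security governance, but Topic 10 focuses on tag-based security policy at the AWS level (SCP/Checkpoint), while Topic 41 focuses on the enterprise-level security policy framework (ISO 27001/GISP)
  - Current view: the two are complementary. GISP defines the global policy principles, and the AWS Landing Zone layer implements them technically through tags and SCPs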