42 lines
2.1 KiB
Markdown
42 lines
2.1 KiB
Markdown
---
|
||
title: "CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)"
|
||
type: source
|
||
tags: [Security, CSPM, 3LoD, CTP, Cloud-Security]
|
||
date: 2026-04-14
|
||
---
|
||
|
||
## Source File
|
||
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/ctp-topic-52-3-lines-of-defence-3lod-framework-cloud-security-posture-management.md]]
|
||
|
||
## Summary
|
||
- 核心主题:三道防线(3LoD)框架与云安全态势管理(CSPM)
|
||
- 问题域:企业云安全组织架构与统一安全态势管理
|
||
- 方法/机制:3LoD 框架明确角色职责,CSPM 统一监控多云账户安全配置
|
||
- 结论/价值:通过 Cloud Guard 实现跨云账户的安全配置集中监控与合规评估
|
||
|
||
## Key Claims
|
||
- 三道防线模型经 ELT 审批通过,成为组织标准安全框架
|
||
- CSPM 解决多云环境安全割裂问题,提供单一视图
|
||
- Cloud Guard 在账户创建时自动接入,确保全面覆盖
|
||
|
||
## Key Quotes
|
||
> "The three lines of defense model was approved by ELT mid-year and serves as the organization's go-to model." — Coyote, Head of Enterprise Application Security
|
||
|
||
> "CSPM should consolidate misconfigurations from multiple cloud accounts into a single platform, provide compliance framework views (CIS, NIST, ISO), and allow custom policies." — 核心需求
|
||
|
||
## Key Concepts
|
||
- [[Three-Lines-of-Defense]]:三道防线框架,第一道为业务单元,第二道为集团办公室,第三道为审计
|
||
- [[Cloud-Security-Posture-Management]]:云安全态势管理,持续监控云资源配置合规性
|
||
- [[Cloud-Guard]]:选中 CSPM 解决方案,提供态势管理、资产管理、网络配置探索、事件管理、身份管理
|
||
|
||
## Key Entities
|
||
- [[Coyote]]:Head of Enterprise Application Security,三道防线框架与 CSPM 方案主讲人
|
||
|
||
## Connections
|
||
- [[Three-Lines-of-Defense]] ← depends_on ← [[Regulatory-Compliance]]
|
||
- [[Cloud-Security-Posture-Management]] ← implements ← [[Cloud-Guard]]
|
||
- [[Cloud-Guard]] ← monitors ← [[Multi-Account-Cloud-Environment]]
|
||
- [[CTP-Topic-52]] ← part_of ← [[Public-Cloud-Learning-Sessions]]
|
||
|
||
## Contradictions
|
||
- 无冲突记录 |