56 lines
3.0 KiB
Markdown
56 lines
3.0 KiB
Markdown
---
|
||
title: "Public Cloud Learning Sessions - OpenText GIS Security Policies - 20241015"
|
||
type: source
|
||
tags:
|
||
- OpenText
|
||
- Security-Policies
|
||
- GIS
|
||
date: 2026-04-14
|
||
---
|
||
|
||
## Source File
|
||
- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/07_Security/public-cloud-learning-sessions-opentext-gis-security-policies-20241015-160257-me.md]]
|
||
|
||
## Summary(用中文描述)
|
||
- 核心主题:OpenText 全球信息安全团队(GIS)安全策略全景介绍
|
||
- 问题域:企业级安全治理与合规体系设计
|
||
- 方法/机制:分层层级安全组织架构 + ISO 27001 姿态框架 + 三方渗透测试 + 安全意识培训
|
||
- 结论/价值:政策是基础设施的基石,运营、工具和流程均构建在此框架之上
|
||
|
||
## Key Claims(用中文描述)
|
||
- OpenText 采用分层方法定义安全策略——与各团队协作定义"做什么",与执行团队协作确定"怎么做"
|
||
- OpenText 持有 FedRAMP 等多项行业及政府认证,可进入多个垂直市场销售
|
||
- OpenText 每年进行第三方测试(桌面演练+红队演练),持续处于顶级梯队
|
||
- 月处理 2250 亿条日志,每月分诊约 350 个案例
|
||
- Global Information Security Policy(GISP)是最高纲领性政策,季度审查
|
||
|
||
## Key Quotes
|
||
> "Policies are foundational elements, with operations, tools, and processes built on that framework." — Mike & Ed, GIS Team
|
||
|
||
> "The focus is on how many people report suspicious activity." — GIS Security Awareness Program
|
||
|
||
> "Policies define what needs to be done, while providing flexibility for how it is implemented." — GIS Policy Framework
|
||
|
||
## Key Concepts
|
||
- [[Global Information Security Policy (GISP)]]:最高纲领性政策,季度审查
|
||
- [[ISO-27001]]:姿态框架基础,2022 年更新,新增 11 个控制方面
|
||
- [[Security-Awareness-Training]]:月度安全通讯 + 网络钓鱼演练
|
||
- [[Third-Party-Penetration-Testing]]:年度桌面演练 + 红队演练
|
||
- [[Threat-Intelligence]]:结合 BrightCloud 等工具的威胁情报体系
|
||
- [[FedRAMP]]:政府级云安全认证
|
||
|
||
## Key Entities
|
||
- [[Mike]]:Global Information Security Team,主讲人
|
||
- [[Ed]]:Global Information Security Team,主讲人
|
||
- [[OpenText]]:企业主体,安全策略制定者
|
||
- [[BrightCloud]]:OpenText 自有威胁情报工具
|
||
|
||
## Connections
|
||
- [[CTP-Topic-21-Supply-Chain-Security-in-Micro-Focus]] ← related_to ← [[GIS-Security-Policies]](供应链安全同属安全治理范畴)
|
||
- [[CTP-Topic-52-3-Lines-of-Defence]] ← extends ← [[GIS-Security-Policies]](三道防线框架与 GIS 分层组织高度吻合)
|
||
|
||
## Contradictions
|
||
- 与 [[CTP-Topic-10-AWS-Landing-Zone-LZ-Data-Collection-Tagging-Related-Security]] 存在视角互补而非冲突:
|
||
- 冲突点:两者均涉及安全治理,但 Topic 10 聚焦于 AWS 层面的标签化安全策略(SCP/Checkpoint),Topic 41 聚焦于企业级安全政策框架(ISO 27001/GISP)
|
||
- 当前观点:两者互补——GISP 定义全局政策纲领,AWS Landing Zone 层面通过标签和 SCP 实现技术落地
|