---
title: "Three Lines of Defense"
type: concept
tags: [Security, Governance, Risk-Management, Framework]
date: 2026-04-14
---

## Definition

The Three Lines of Defense (3LoD) model is an enterprise risk-management framework that ensures the effectiveness of security controls by layering responsibilities across three distinct roles.

## First Line of Defense

Business units: responsible for implementing and managing security controls within their own domain; they are the parties directly accountable for security.

## Second Line of Defense

Group office: responsible for policy development, incident response and cyber tooling; acts as an advisor to the first line, providing guidance and support.

## Third Line of Defense

Audit: verifies that the first and second lines are compliant and provides assurance to the enterprise.

## Key Drivers

- Regulatory Compliance
- Centralized Platform
- Cloud Migration
- Baseline Controls
- Broader security-response coverage

## Work Streams Implemented

- Policy review and consolidation
- Incident response participation
- Development of cybersecurity risk and control metrics
- Cybersecurity tooling review
- Security architecture standards and patterns

## Related Entities

- [[Coyote]] — Head of Enterprise Application Security, champion of the framework

## Related Concepts

- [[Cloud-Security-Posture-Management]]
- [[Regulatory-Compliance]]
- [[Risk-Management]]

## Related Sources

- [[CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)]]