| title | type | source-type | category | tags | date-added | video-source | audio-source | status |
|---|---|---|---|---|---|---|---|---|
| Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording | cloud-learning | video | DevOps & SRE/07_Security | | 2026-04-14 | nas:///volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4 | | summarized (Gemini summary) |
Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015 160257-Meeting Recording
Source: NAS /volume2/work/Public Cloud Learning Sessions/Public Cloud Learning Sessions (OpenText)- GIS Security Policies - 20241015_160257-Meeting Recording.mp4
Type: VIDEO | Category: 07_Security
Status: 🟡 Awaiting Whisper transcription → Summary
GIS Security Policies
The Public Cloud Learning session on GIS security policies was presented by Mike and Ed from the Global Information Security Team (GIS). The session covered an overview of the teams in GIS and security policies.
GIS is a pillared organization with classic security elements. Key teams include:
- Security Operations: Keeps the lights on and provides reassurance when issues arise.
- Compliance: Facilitates certifications and ensures adherence to policies.
- Governance, Risk, and Validation: Manages risk, oversees admin roles, and conducts quarterly reviews.
- Privacy Group: A recent addition, still being integrated into the organization.
OpenText uses a layered approach to security, collaborating with various teams to define what needs to be done, while working with other teams to determine how. The organization has a large compliance offering, certified across multiple industries and government entities. Certifications like FedRAMP enable sales into various verticals.
To prove its claims, OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier. Red teaming exercises are also performed to evaluate the organization without prior knowledge. Advanced threat assessments and internal/third-party pen testing are regularly conducted. Customer audits are performed, sometimes leading to remediation activities.
Tool components are used proactively to monitor environments, along with detection and threat hunting combined with threat intelligence and pen testing. The organization has a large SIEM implementation, processing 225 billion log records monthly and triaging around 350 cases a month. OpenText leverages its own tools like BrightCloud as a feed into threat intelligence.
OpenText's posture framework is based on ISO 27001, recently updated in 2022 with 11 new control aspects. The organization has a supporting library for its Global Information Security Policy (GISP), reviewed quarterly with leadership. Awareness of security is raised through communications and campaigns, focusing on continuous improvement and awareness.
The overarching policy is the Global Information Security Policy, supported by various policies. Policies define what needs to be done, while providing flexibility for how it is implemented. Feedback is encouraged for continuous improvement.
A security awareness program includes monthly communications and phishing exercises. The focus is on how many people report suspicious activity. A team works with sales and legal to review customer requests, handling opportunities worth over $100 million a month. They also work on contractual wording to ensure realistic commitments. Presentations are given to customers to reassure them about OpenText's security maturity.
The speaker views policies as foundational elements, with operations, tools, and processes built on that framework. The GIS budget and procurement process is managed, along with M&A due diligence. An AI knowledge tool is being developed to provide easy access to policy information and customer responses. A risk organization is being overseen by the compliance area. A GIS Validations team performs access management and reviews. A privacy operations team is being integrated into governance and compliance areas. A business continuity team ensures awareness of global events that could impact OpenText employees.
The main services of the operations team include Cyber Response Center, Security Assurance, Threat Intelligence, Cloud Security, and Security Tools and Engineering. The compliance organization focuses on compliance program management, security roadmap, product risk assessments, continuous compliance and audit delivery, enablement and automation, and program delivery for federal authorizations.