u 3R y8Hv3R n .0# x · 5 1.gb p -!8 \c―― 3 91?.8 2.u l me t]r[―― 4< .8 3.yc ―― 6>a1).8...

$: u 3R y8Hv3R n .0# x · 5 1.gb p -!8 \c―― 3 91?.8 2.u l me t]r[―― 4< .8 3.yc ―― 6>a1).8 4.^ ni o`―― ?a'-!9 5.xabj zb v \c―― /&2$=@ 1 6. v d h ―― 5.6 #$
��

�� $�& ��#��(�8350�)

%!"

��2019

��•|Y|; Fg• u��3R�y8Hv3R��n��.0#�x�

•��?|; B7Fg• (6f) JPCERT��$�'��/2�2!� �b• (6f) Oh�vLAN�m>�@P {��b

•D�k^|;��`fk^|;�I�Ai|; Q_•JV\Gl }]c\G:��1oU� )%��TF47•+'"�HD<d9f n��.0#�=a47• çe�Nw~��D��C|Y�� ^_^..

• (OX) ��Ss��E9(JAB) ��oU7• IPA��.0#��-2*xT|9 Q_• JNSA \;n��.0#�qW5tL�9 47• NICT CYDERrp47�NICT SecHack365��,�!�•��MK[ ��(��.0#�zZ�&(�� j�2

��

•8>�M��R# ��"�N�HF�A!��QL�IB��KG�=�P��!@O-'45.&��!5,(10+37/��C"��

• 5,(%-,37/• @O-'45.&10+37/*,.2• 5,(J:• D?9E

•�" ��$�<��!��;��QL�)�6��

3

��

•Q`,("�U�GTV�AM��FB��Z=�L^�H��EK??• 9;�P<��

•K��N]_:JC�D8��[W�O��YV• '�$03!6%+ 26#

• ,2� (.• -46*$(.• 1&)56 ��

• O?�@8��SX/&• IU�R>�7\�� SNS

• Twitter• Facebook• Instagram• ….�

• ��

4

��

5

1. GB�P�-!8�\C――�3�91?.8�2. U�L�ME�T]R[――�4<� .8�3. YC�� ――�6>A1).8�4. ^��NI�O`――�?A'-!9�5. XabJ�Zb��V�\C――�/&2$=@�1�6. �V�D�H�� ――�5.6�#�5�6?��7. WR�Q��\C――�%7 A1/!&�8. A(�0�S�R_�――�;+0@A�

•,�):="A*2 <A'KF• 7A�3>�� D6�9��:�8C�:�E��

• !-!-10��/B&�$*, .%)�+.#• 42��<:��7A�@�5�?;�(")'"�C��=�

��

•0.,+MF'��IRPhj9�J">D�WQ�b['8�@ �Y��-2(• �L� ��Ph• ;]a��?dPh�

•Y<��C7?=• <T�IRPh�

• SU";]� ��?dPh• GA�=&$c_Ph

• 6^L*/1�`B4F•: "��• ��K��%��NX• )3�1�: H�g��

•f\#�C7�Ei• 5Oe�YV• �!�Z"$�?• ��"$�?

PhTTL

https://www.sankei.com/affairs/news/190629/afr1906290012-n1.html

��ID��ID

•Yvs��h@�`!yt�{z�"J��%$h|&q�OB• m%�d� ��iI�F HS��%�

•j��C��$�"�}��• �g��$i&��^Rl�U�$

•FZ�Yvs�� x�$��• �+5��$

• ,>023+�4�CVC/CVV.�4, �\KX) 5-30$/1 account• �x��ox��Mw• D��T]s��10�Ar-->�VaL��#��

• '+*?3��b• SNS'+*?3-->7(2/?-�16:�u• _QGk��9)>�0àWPE• Web+;<à�f�`!��<28328� +;<��p�e�

• cN��[n��~�+;<�/�=&�%��Ar�

7

�� (^-^)��3��CIA

• Confidentiality�>]P�• A:��N��M\��%)(��

• �%)(OC�8E9�ID//(6�-YK• Integrity�=RP�• M\��Q<P�[K��

• WGJ^�; �BS• Availability�:_P�• M\��Z`�H��%)(��

• &(+1/.*,6�%�XI9�LU9��%4"-�

• OECD�M\)$35+ #!-4!7��V@• ISO/IEC27001(JIS Q 27001)��?V

• ISMS(M\)$35+ 0.'27,&(+1��DT��F��I`

8

��CIA3+RAA3

• Reliability�MhP�• &(,1�04)(�dJ� ]E��

• -�*�]E�^�B��:>�&(,1�OS\• Accountability�S_YTP�• igI�%�.(�N�b�S_�Uf��

• 4$XC�-'*2/"35'+#��a`cG(Non-Repudiation)

• Authenticity�ORP�• A6��7H��=<�8�!\ cG��V�I�@�EQ�S_�KD�f9��• 8�!?W�[FLe

• ISO/IEC TR13335��;Z

9

� ��

10

•@O75 S<�T��3B@OU-��• NRG0*

• !��(�HDD NRGHJ• /=G0*

• �(��2?�18L�SNS >�4��#�%"�� @OS<• �!�� AK��&��.6

• B(,)G0*• EFPQ$��)+�!�'� EF�IM @O:;

��

��

��

D9C

��

11

oj 503;�(%��FQDC� #Y#��$2�/%yb�}[�$��

yb`t HJ%V��gOX503;�(��%E��,-19�yb'(.-�$��

ybR� HJ%V��gOX�FQD 503;�(��^|UP%yb�R��$��

�#�� HJ%V�:�+ID 7-;�4%yb�Yr��bp�:�+��#%��M<%M��

@ & FQD 503;�(s�^| yb�Zh�!��\B�$��

xu mS]Y>��W{�M��M<�v�zwi��%K�"xl�$��

~A *�6��d��=n�f��7)03%c_�$��!��*�8- *�6%kT��#�$��

q�e LG��%M�N��W{�aI%?��yb�'(.-Zh�!��*�6�`t��M<%M��

� ��

•�$��IJR�.V�&"%�<��• �(H��DK��1��P1R�a)�• [R(MG��7-)�J��X/��*5(JIS Q 27000:2019)

•�(H��?^��$��Z��(JIS Z 8051Q4)• ?^,W�$��;S�C8�+N0�2 ��?^��$��

• 3@EA(State of the art) • Y`B�\L

• 9�O)�U>FT• UQ:_=��6]

• �'!��# ��'�'�T

12

27000?? 27001??

• ISO/IEC (34?6$)2: International Organization for Standardization /

34=*?6%-: International Electrotechnical Commission)

• ISO/IEC27000�"��8@�� "��#��(ISMS: Information Security Management System)��8@�� "��(B�"��9/:��!��

• JIS Q 27000:2019 (2019>3.1&)

• 8@�� "��A0<,

•+'7�54;�� • https://www.kikakurui.com/q/Q27000-2019-01.html

13

��•��"�• �+��( ��'��• ��( �.( ��$%

•)�,-• ��*!

• ��&#• ��#

• ��)�

14

IPA(��)��

��•1�)3#8!07�,• >d�uV�=V ��1�)3#8�Pb[�fK=V� Kn�,$-&��{|• ah��uV�=V��@��fK�615�H��m��YI

•tCQo!07�,• '8(5+8/}�b[�ipT�DF�rk��

• jO<�SM��;q��c\o�rk�y�A�•WJ4)&v`• ZzNL�f��NL:l��B9��_U^��*%24."�E� Rx

• eg�G]�s~•b�I� !07�,• X?!07�,�w~

15

��

16

�%�"/��-��.�

( �A�.�

(127�,)

��*�'Y: ��P: �)��N: ��N/A: �#��

�+�.�

��*�!�'

!&

!� �$

� ��

��

17

"7��'��49��

3�2C/I/A ��

�6��)�6�!��0,

� ��5��3��%�$��#�8�

�� 4&2

-�3�

.��8�� 4&(�2

� ��OK��?

��*+�/ 1

��

"7��8*+

��>=��%"$��!

#! ��&

��

�3�� 1��#��

1��$�� 0�/"

)&�� -�(+!.(, ��()

�� 2��*�? �� 2

�� ,�� '�� %�

Yes

No

��

��

��

19

;64/��

;64��/(/��/�,-=�)�>(�&�/��)

! x"��

��

��

��

��

� �

�

* 5<9�'��

%$+��1��.�#

�/��0�73:;82��

��

• PMBOK (Project Management Body of Knowledge)• 1987u}XPMI�#$w|�&�7;0+,48609<4�hF{c� ��!��

•7;0+,4�8)51�@N'�%:1,(M>)��mAj�• Ez�:1,��!��dJ"�7;0+,4�1.�7"�{'be�~V�%��:1,�@N'2;��%j�• ?p�:1,��%O��ZO�(*43�/<-"�lG�S�Q��#��:1,�#%8)51�@N'n\`�?p�%j��pD�• oT�:1,�@Nx='L��$�wiH�'oT��$�%j��RT�• a��:1,�U_B��]�@N�K�Cvx=s��%gW":1,�dJ�Yt��%� ��r�m['��j��m[y��k�&%l^PI'fE��%]�q

20

��

•&)#!"%�&'$�+7 ]��($"=3(=3)��Q-Mc

• 2_�=3�1D�T`��:A.�Y1DJ F�H��Mc• 5[�=3 U��Vd�?�RCE�&)#!"%�D>9<�*Z��NZ ]��Mc• 6.�=3�&'$�+7 P/ ��WK1b ?��Mc• G^�L8S�a_��=3�D;��a, 4G��Mc�QBX_�\O��aU I0��@��

21

��

22

•Wl#�,-$�3bq`CIA��P��• ISO/IEC 27001:2005 (Wl=Q-#�,-$�=Q-Wl#�,-$�)&!+.% "$*(ISMS: Information Security Management System)-q@NG��pD�c>��jk�<J

1. [5S�ISMS��BS7799�0H;6�2. ��enHd;6��ISMSfT9R Ver2.0

• V<2��(�"��#�,-$��aU��WlML��:o]�7_]�2p]�)&!+.% "$*��/O�8r�4^��9n�.#'%• Wl#�,-$�)&!+.% "$*(ISMS)�Y�HK;6��ISO/IEC 27001:2005�2005g10C�hE• Hd;6��JIS Q 27001:2006�2006g5C�hE• 3�H�� FAiR1m�X?�B��BILAbZ�\c��enFA;6

ISMS��

23

https://www.ipa.go.jp/security/manager/protect/pdca/standard.html

BS7799-2:2002

•Zk% .0&��*$')/!&�$�Nd<J��@mc�=qKn�Ca ��4LC;F7�BSI��Q]��=q@W•[M�4Ll3RGX��H2i��4LfaA>�UKAS��5�BS7799[MA>�fa��:L�?G�`^��VT

•_1j��Zk% .0&�+(#-1'"$&,�ISMS��VT@W�Code of practice for information security management• 2000g�LPhW6AI(ISO)�LPeBhW7E(IEC)��ISO/IEC17799o��LPhW6

•_2j��Zk% .0&�+(#-1'"$&,�Sp��DOSpecification for information security management systems• 2002g�8b��\9c�Zk% .0&�=q�> �UVY�hWC;

24BS7799�� !?��

ISO/IEC 17799��JIS X 5080

• BS7799 @1M1999IK�!��4?• 2000IPart1�ISO/IEC17799:2000��2V, Part2�BS7799-2:2002• ISO/IEC 17799:2000�RU�2002I3/�JIS X 5080:2002��GQ0.,)�JIS%�• BS7799-2:2002�ISMSE1>L&=F��+8��3AP<GQ;O9W(J-'(JIPDEC)��2002I�/ISMSH:+8(Ver.1.0)• 2003I4/ISMSH:+8(Ver.2.0)�=C

•;O��"# �*W76+8��• H:� ��+8��B$

• 10�*WNT• 36�*WSD• 127�*W5

25

ISO/IEC 17799��JIS X 5080��(10��)

26

��

>��1 $�.1&�?��f a�$�.1&�+("-4'��f

>��2 pc�$�.1&� a�$�.1&�he�l~�X�67:�mv��

>��3 VT��>� VTN��Sk�VT�� @x

>��4 gy$�.1&� gy�8��1#�FJ��y�l~�Q�bG{�@x

>��5 ��y��=Cy$�.1&� }tY>��Um�qv[��{�� @x

>��6 wd��9�>� a�^�!#&,�9�>��$�.1&�� @x

>��7 ��$#iL ��Z�a��$#>��(%'3��$#iL�� @x

>��8 !#&,�;��\ Hn�;��9��!#&,��$�.1&��G��*1 �!/4*2�0,�s�$�.1&��G�a��|��`�5O��>�{�� @x

>��9 WDEr>� WK�R<��A��>��WDEr>�� @x

>��10 zPj uy_�I�*0�)!��M{��yov��]B�zPj��@x

��PDCA�•:P��%O��4��<H�NTH�(8H�@;H A2�'��* 6�DI��@;H 7@�

1. Plan�SB�>T��RL�U��RL�C=��+#2G2. Do�RL�+#��51�)Q�533. Check�53�)Q�+#F�/��J9�RL�C=��%K��M!

4. Act�M!,"��)Q�$?

27

Plan(+#)

Do(53)Act(.E��$?)

Check(I-�&0)

ISMS

ISMS��ISMS��

��

ISMS� ��

� ��1. �,�)#�,�&0��+.��(��

2. 6-�"3��*!1��7�2+��,

3. �,� ��,

4. �54$��,5. "3��'��2%��*�

6. *�� /8��,

28http://www.soumu.go.jp/main_sosiki/joho_tsusin/security/business/executive/04-4.html

��

•,� �/>&%�?��•4.+�<��?��•��"��36��-• *8�0��7��)!�98@�•�A��'31�#B��$5• ��=��;(�:2�?�

29

ISO/IEC270012005��2013

��

30

http://www.atmarkit.co.jp/ait/articles/1408/08/news006.html

ISO/IEC 27001:2013 (JIS Q 27001:2014)

•�¢��)n��x��)£Ynh��n]��z�&(�¢sO�L��)£Ynh��qA�R¥i��e{• �d ¤¢L��Up��'%)�w��¢��)&�¦• @2/+��u�X u��T¨�)mk+�c�)��*'�#�K�$[D�|oz��@2/�a+�Q��@2/��t+��~��i+g��*��'��• BE��¢sO"��¥ ��Q��¢��<81>A7026=�FSz��I\+¡)L�z?!

•�sO�`��• ISMS��§�}��I\+X!��• u�3.?@6,��• T¨�V$Vy�T�)£Ynh��

31

JIS Q 27001:2014 (ISO/IEC27001:2013)

0.r�

1.�¢�C

2.G¢VP

3.¢bX �W

4.�w�vZ

5.@�4�05;

6.^M

7.lJ

8.H¢

9.9:-�<A2�K

10.N�

��qA�V��R¥��X R¥i

jf�_

� ��

•-�#��$(<��*$&+/&�HJ�� GB

1. Kc"�,-%�dN<�Kc"�,-%�e\�6m��VL�Tn\�dAQ�om��6H��

2. VL�(."!��ISMSj=GB�_C�6H��3. ISMS�bj�F?�ki3a��6H��4. g@�Kc"�,-%�)' +/&<� ISMS j=GB��]C�IjQ�^[��

5. ISMS��0P R4�[R��6H��6. ISMS�g@Q�:h��O��D;�E2��7. >Y\5U�XM��8. ��Z�9q��8lW��S`�p1��-�#��$(�HJ��8lW�f7�E2�� 32

��ISMS�1� for CloudISO/IEC 27017:2015

•@=%�#"3#�!&2� �7L��%�#�DB�GI6�*��1�!$,J�8Q��PH�0!�• �/�'��)!SR��N4

•:>A9E��/�'��)!SR��FO"�.0$�+( -3&��'/�3�• 2015K12; ISO/IEC27017:2015 �<?MC5

33

https://www.jaco.co.jp/env_cls_management.htm

�� 2008�2��• 2016��bYFyv��W~��?� �^m��

• 2008-2012 ��JLny��IT-6,:=-2Cutr5>)<9(.';=1!) IT Keys�LEvZ�]�m�*�-#$ • i�MwX��q��NAIST�a��R��JAIST��q�• M�X��IISEC��ISS-(% �[

•��fUc��}�x�..orz• 2013-2015 ��JLn��B�G��gz�p�TCS�302?�(

(enPiT1) .';=1!�� SecCap�LEvZ�• 2016-��JLn u��e��p�Pls`�CuQ��Vu(enPiT2) .';=1!�� Basic SecCapL�vZ�• 2018-��JLn enPiTp�.';=1!5>s`Cu�Nk�5>)<9

enPiT ProSechKsZ�•�R�O�L]_I+"4�.';=1!L��*�-(CySec) hKsZ�L��jo�5>)<9• IPA .';=1!':@5 {]�K\d• NICT CYDER g[AD• NICT SecHack365*�-8-/�•H�&�5@<7<2=-6,:=-2Cu |

34

enPiT-Security ��

35

•FVOD�tQ• 4kR@��!#��mp�FVb��$�6W• Basic SecCap�#�!" �:g 2B• �Basic SecCap��Hw(7]('M)�i`

•Y\4�CUf�Y4k��G;?v• \45 -3B8�J_B8�,I��X>�a9

• Zr�4R�_ �FVb�OD)Q• Uo0n�^e�uH*+�KcFEA6A^e

•l��,I• ZP�PBL,I��Zr�<=�71�a9��!#��ODjL�sS�[.• Cd�hq�&�TN,I0n��%�$�hq�Zr/

enPiT2 Basic SecCap

36

(2016 �V2020 �) TPQSPL!�LJN��R��L��O��HKGMIU

P��

�6J

�*J 4KJ

3.,

GM398

��07/+

05,'

��$�

,55,

366+05

"��

��

��ZYX\[W�

�#�

��$��

�!$��"

2)-46

07

?G��8

)'(*&(��

07/05

3.�*J

��

��T"��U

G�@8BO398

Q#8

�'8

#�8

27�4

�,8

G�'%N8

�'$�8

�#L8

?GC&8

1 4(8

��T"��U

0�8

�>8

;!�N8

��

(1.&

��

366%+6

?G��8

�$��

,F5A>D

��

366035+

��

G�@-F8��8

C�8

�#�N8

8D8

�!��C&8

)=8

A+H�4

��4

"��4�

15�4

�:�4

I�<�4

/E�4

64/37��#$

2)-

366��

��*3��

-5 /

,8BF

,F9;C1<@=D

*3��'

��

05+@:CA<:�%

28?AEA 0+

��

37

y )�o�98I�Az�K'-o��-�Y&�

�;�W]X�98Iifhmpa%Dd`klg^%D$�2G

qd`klg^>Gr

yS��o�98I�AzP1�+-u��V&�sNRO�

>�58I�98I#3lcaoF�o6,

/"o(:o=�o2<@oM3

qLxvwt��Q_nepnbfjr

y4��AzP1�+-o��Q��Y&�s7� �

U![�J8I=T58I\4��*�HB

qxvw0Ar

yxvw�9z�K'-Y&�s7� �

=T58I=TZ�+�JC��.�#E?

38ProSec��

NICT CYDER(Cyber Defense Exercise with Recurrence) NICT SecHack365(Security+Hackathon 365Days)

U25��/)=@3%)<C9��!$&4$�#:D.��71(0C��"��#��"5BD6C*�Nulab��,;=6+D->C2DA Slack#�� 'C?&C�'8?&C��#��

u 3R y8Hv3R n .0# x · 5 1.gb p -!8 \c―― 3 91?.8 2.u l me t]r[―― 4< .8 3.yc ―― 6>a1).8...

Documents

Transcript of u 3R y8Hv3R n .0# x · 5 1.gb p -!8 \c―― 3 91?.8 2.u l me t]r[―― 4< .8 3.yc ―― 6>a1).8...