セキュリティ戦略・発表と総括 / Security Strategies, Presentation and Conclusions

Slide 1

Slide 1 text

Hardening for cyber security — generated by Stable Diffusion XL v1.0 2024 13-14 (WBS) 2024 13-14 — 2024-07-22 – p.1/43

Slide 2

Slide 2 text

https://speakerdeck.com/ks91/collections/cyber-security-2024-summer 2024 13-14 — 2024-07-22 – p.2/43

Slide 3

Slide 3 text

1 6 10 (1) • 2 6 10 (2) • 3 6 17 • 4 6 17 • 5 6 24 I ( ) • 6 6 24 I ( ) • 7 7 1 • 8 7 1 • 9 7 8 • 10 7 8 • 11 7 15 II ( ) • 12 7 15 II ( ) • 13 7 22 • 14 7 22 • W-IOI / ( ) 2024 13-14 — 2024-07-22 – p.3/43

Slide 4

Slide 4 text

( 20 ) 1 • 2 • 3 • 4 (TCP/IP ) • 5 • 6 • 7 • 8 • 9 • 10 World Wide Web • 11 Web API • 12 • 13 git GitHub • 14 • SSH • (6/24 ) / (2 ) OK / 2024 13-14 — 2024-07-22 – p.4/43

Slide 5

Slide 5 text

( ) II 10 2024 13-14 — 2024-07-22 – p.5/43

Slide 6

Slide 6 text

+ 2024 13-14 — 2024-07-22 – p.6/43

Slide 7

Slide 7 text

2024 13-14 — 2024-07-22 – p.7/43

Slide 8

Slide 8 text

6. II (1) ( ) (2) 2024 7 18 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 13-14 — 2024-07-22 – p.8/43

Slide 9

Slide 9 text

. . . . . . 12 7 (7/20( ) ) ( ) DDoS ( ∼ ) < ( ∼1,2 ) 2024 13-14 — 2024-07-22 – p.9/43

Slide 10

Slide 10 text

N ⇒ ^^; 2024 13-14 — 2024-07-22 – p.10/43

Slide 11

Slide 11 text

A CSIRT ( ) ⇒ AI 2024 13-14 — 2024-07-22 – p.11/43

Slide 12

Slide 12 text

L CEO CEO ⇒ MVV OvenAI MVV ( ) Mission : Vision : AI Value : W(X) vision value . . . 2024 13-14 — 2024-07-22 – p.12/43

Slide 13

Slide 13 text

A W WebAPP ks91 ⇒ 2024 13-14 — 2024-07-22 – p.13/43

Slide 14

Slide 14 text

2024 6 10 ∼7 22 Google 7 2024 13-14 — 2024-07-22 – p.14/43

Slide 15

Slide 15 text

6 10 Google https://lomgrp.co.jp/wp-content/uploads/2024/06/Informationleak_240610.pdf 2024 13-14 — 2024-07-22 – p.15/43

Slide 16

Slide 16 text

6 11 WEB 136 5 6 https://news.yahoo.co.jp/articles/71d073180db7d261c1dab9fe554d154f6193c46d 2024 13-14 — 2024-07-22 – p.16/43

Slide 17

Slide 17 text

6 17 https://www.shochiku.co.jp/wp-content/uploads/2024/06/20240617_02.pdf 2024 13-14 — 2024-07-22 – p.17/43

Slide 18

Slide 18 text

6 17 https://csw-kawasaki.or.jp/wp-content/uploads/2024/06/20240617 -1.pdf Google ⇒ Google 2024 13-14 — 2024-07-22 – p.18/43

Slide 19

Slide 19 text

6 18 AI https://www.ocha.ac.jp/news/d014901.html Google Forms Google Google 2024 13-14 — 2024-07-22 – p.19/43

Slide 20

Slide 20 text

6 25 https://bravegroup.co.jp/news/6359/ URL 2024 13-14 — 2024-07-22 – p.20/43

Slide 21

Slide 21 text

6 26 Google https://www.gifu-pu.ac.jp/news/2024/06/post-268.html 2024 13-14 — 2024-07-22 – p.21/43

Slide 22

Slide 22 text

6 28 ( 3.0 ) https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00215.html 2024 13-14 — 2024-07-22 – p.22/43

Slide 23

Slide 23 text

7 1 OpenSSH “regreSSHion” CVE-2024-6387 2024 13-14 — 2024-07-22 – p.23/43

Slide 24

Slide 24 text

7 9 “regreSSHion” OpenSSH CVE-2024-6409 2024 13-14 — 2024-07-22 – p.24/43

Slide 25

Slide 25 text

7 9 Zoom High ∼ ( ) https://news.yahoo.co.jp/articles/00fb89f571bf72672e5165cb19049bfc1ade7242 2024 13-14 — 2024-07-22 – p.25/43

Slide 26

Slide 26 text

7 19 Windows CrowdStrike Falcon Sensor https://news.yahoo.co.jp/articles/dee7ebe1e0f5ac28fd833033c454ee3792727046 2024 13-14 — 2024-07-22 – p.26/43

Slide 27

Slide 27 text

https://kurashi.com/journal/11074 + CSIRT 2024 13-14 — 2024-07-22 – p.27/43

Slide 28

Slide 28 text

(1) IPA Ver 3.0 (2023) https://www.meti.go.jp/policy/netsecurity/mng_guide.html IPA Ver 3.0 4 (2023) https://www.ipa.go.jp/security/economics/csm-practice.html 2024 13-14 — 2024-07-22 – p.28/43

Slide 29

Slide 29 text

(2) +1 / IPA ( ) Ver2.0 F 2 (2022) https://www.meti.go.jp/policy/netsecurity/mng_guide.html ( Ver 2.0) CSIRT Ver.2.1 https://www.nca.gr.jp/activity/imgs/recruit-hr20201211.pdf 2024 13-14 — 2024-07-22 – p.29/43

Slide 30

Slide 30 text

(3) (2019) https://www.keidanren.or.jp/policy/cybersecurity/CyberRiskHandbook .html 10 NIST 2024 13-14 — 2024-07-22 – p.30/43

Slide 31

Slide 31 text

3 2024 13-14 — 2024-07-22 – p.31/43

Slide 32

Slide 32 text

10 1. 2. 3. ( ) 4. 5. 6. PDCA 7. 8. 9. 10. F 2024 13-14 — 2024-07-22 – p.32/43

Slide 33

Slide 33 text

1 IT 2 3 4 5 2024 13-14 — 2024-07-22 – p.33/43

Slide 34

Slide 34 text

NIST 5 (Identify) (Protect) (Detect) (Respond) (Recover) 2024 13-14 — 2024-07-22 – p.34/43

Slide 35

Slide 35 text

: 5 5 2024 13-14 — 2024-07-22 – p.35/43

Slide 36

Slide 36 text

(OvenAI) 2024 6 10 OvenAI (BCP) OK 2024 13-14 — 2024-07-22 – p.36/43

Slide 37

Slide 37 text

2024 13-14 — 2024-07-22 – p.37/43

Slide 38

Slide 38 text

2024 2024 13-14 — 2024-07-22 – p.38/43

Slide 39

Slide 39 text

( ) (1) (2) ( ) ⇒ 2024 13-14 — 2024-07-22 – p.39/43

Slide 40

Slide 40 text

( ) NISC 7 ( ) 2024 13-14 — 2024-07-22 – p.40/43

Slide 41

Slide 41 text

2024 13-14 — 2024-07-22 – p.41/43

Slide 42

Slide 42 text

7. 2024 7 29 ( ) 23:59 JST Waseda Moodle (Q & A ) 2024 13-14 — 2024-07-22 – p.42/43

Slide 43

Slide 43 text

2024 13-14 — 2024-07-22 – p.43/43