Slide 1

Slide 1 text

Risk Assessment and Annual Risk Treatment (リスク評価と年次対応)
@ken5scal, 2024/06/13

Slide 2

Slide 2 text

Intro

Slide 3

Slide 3 text

Background and goals for today
- Threat modeling methods (or rather, risk assessment methods...) are as numerous as the stars
- So are the models beneath them: business process flows and vulnerability management
- Frankly, if you only have to do it once, a burst of effort gets you through
- What is hard is operating and running it year-round and over several years, keeping pace with change
- Show me case studies of the operations side. Case studies.
- Since I raised the point, I will go first.
- Hopefully that gets a livelier discussion going ٩(•̀ω•́)و
- And raises interest in our company

Slide 4

Slide 4 text

About me: @ken5scal
- Affiliation
  - Mitsui & Co. Digital Asset Management (三井物産デジタル・アセットマネジメント)
  - Corporate Systems Department: DevSecOps, Corp Eng, etc.
  - LayerX Fintech Division (seconded from there to the company above)
- Personal activities
  - Weekly newsletter, podcast, self-published zines
- Career
  - Financial-sector SIer > asset management / household budgeting / accounting service provider > securities firm > current role
  - One way or another, always in Fintech / securities
  - Currently studying data engineering
Newsletter: https://ken5scal.notion.site/54bda4932da14add9e9911ab3e9a6e5c
Podcast: https://open.spotify.com/show/73sFeKzUIkSYfCZWVBNO70

Slide 5

Slide 5 text

https://speakerdeck.com/layerx/company-deck

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Conclusion (well, not really a conclusion)

Slide 9

Slide 9 text

Background: the "go all-in" camp
Note: the author of this book (Ishikawa-san) and the speaker once worked at the same company

Slide 10

Slide 10 text

Background: the "only so far" camp (our company's view, after trying STRIDE and the Diamond Model and finding they did not fit)

Slide 11

Slide 11 text

Background: the "only so far" camp. Quarterly, half-year and annual reports, etc.

Slide 12

Slide 12 text

Today's real (hidden) agenda
- Honestly, I want to hear other companies' troubles and worry about them together
- Our troubles
  - Residual vulnerability scores (validity, algorithm updates, reversibility)
  - Team composition
  - How to get people to commit
  - Breadth or depth?
  - Timeline
- If time is left over I would like to pick through these, so if there is something you want to hear about, tweet it with "#脅威モデリング #悩み" (#threatmodeling #troubles)

Slide 13

Slide 13 text

General theory. Note: the general theory as laid out in the book 脅威インテリジェンスの教科書 (The Threat Intelligence Textbook)

Slide 14

Slide 14 text

Risk
- Risk: "the potential for an assumed threat, by exploiting a vulnerability held by an information asset, to cause adverse effects on the organization"
  - Asset x Vulnerability x Threat
- Vulnerability: "a cybersecurity flaw or defect inherent in technology, processes, and the like"
  - Technology, process, people

Slide 15

Slide 15 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)

Slide 16

Slide 16 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)

Slide 17

Slide 17 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)
- ISMS controls: roughly 90
- FISC standards: roughly 300
- Parent-company guidelines: roughly 230
- And some of them overlap, worded differently.

Slide 18

Slide 18 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)
- Hard to prioritize
- The outcome you get is "xx% achievement rate"
- If you have done even 1 on a scale of 0 to 100, you can answer "we are doing it"

Slide 19

Slide 19 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)

Slide 20

Slide 20 text

Maturity required to (make effective use of) threat intelligence
1. "A posture exists for planning, building and maintaining systems with security in mind"
   1. Basic activities such as asset management, patch management, vulnerability management, privileged access management and password management
      - NIST CSF, SP 800, CIS Controls (v7 basic), etc.
2. "Has consistent defensive mechanisms that do not depend on continuous human involvement"
   1. Defense in depth

Slide 21

Slide 21 text

What we did

Slide 22

Slide 22 text

Background (2021)
- Pivot away from the blockchain business
- Several business divisions launched at the same time
  - ≒ if it fails, the company and the business die
- Customer base ranges from collaborations with very large enterprises down to plain SaaS users
- The first security person (ken5) held concurrent roles on top of concurrent roles
- Building a security posture started for business reasons (luckily)

Slide 23

Slide 23 text

Key points of the security posture
- Make it applicable across multiple businesses
  - Emphasize a baseline for new businesses
  - Even Bakuraku, after all, is a service less than 5 years old
- For the threat-based part, pick only what "sticks to us" from incidents and reports
  - Examples: LastPass / Okta, APT29
- Make it something anyone can take over, given the limits of a concurrent role
- "Digitalization", one of our company values
  - Computerization ≠ digitalization

Slide 24

Slide 24 text

Year 1

Slide 25

Slide 25 text

Approaches to risk management. Source: section 1-1 (management and security) of CISOのための情報セキュリティ戦略 (Information Security Strategy for CISOs)
← Treat the two as complementary: within the time limit, examine the actual systems as far as possible and focus on the fundamentals and on the parts not yet addressed. As a further point of focus, select carefully chosen threat vectors →

Slide 26

Slide 26 text

Year 1: build the business process flow for system risk assessment
https://oss-db.jp/dojo/dojo_info_04

Slide 27

Slide 27 text

Year 1: define the data schema
- For "digitalization", good-quality data is a must!
- The risk assessment flow varied in resolution
  - Inventory of business processes -> high resolution
  - Threat assessment -> low resolution
- Records from multiple business units need to be reviewed in a common way
Implemented a schema and normalization
https://oss-db.jp/dojo/dojo_info_04

Slide 28

Slide 28 text

No content

Slide 29

Slide 29 text

Benefits gained from normalization
- Splitting the tables so that duplication disappears also let us define an owner per table
  - Easier to divide the responsibility for who holds which data and who has to maintain it
- Not putting everything into one gigantic file improved visibility
- Consistency is preserved even when migrating tools
  - (2021) Notion -> (2024) Google Sheets, once it supported tables
- Analysis to extract insights became easier
- If you do not start, however rough, you never will
One of the few things I can say "with confidence" was the right call
https://oss-db.jp/dojo/dojo_info_04

Slide 30

Slide 30 text

1. Input the risk assessment method
2. Instruct the table design policy
3. Instruct normalization

Slide 31

Slide 31 text

1. Instruct it to create the ER diagram in mermaid notation (so it can be rendered in Notion)

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

- Business process table
- Residual vulnerability table
- Threat table
- Risk assessment table

Slide 34

Slide 34 text

Business process table
Focus on business impact -> work backwards from the weekly, monthly and quarterly management meetings and score so that the processes that seem to matter most come out higher

Slide 35

Slide 35 text

Residual vulnerability table
A risk calculation method that can serve both the baseline and the threat-based approach

Slide 36

Slide 36 text

Residual vulnerability table

Slide 37

Slide 37 text

Risk treatment measures table
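As an added illustration of the normalized tables described on slides 33 to 37 and the asset x vulnerability x threat definition from slide 14 (this is example code, not the deck's own schema or scoring; every table name, column, score weight and sample row is an assumption):

```python
import sqlite3

# Assumed table layout: an added illustration (not the deck's own schema) of the normalized
# design it describes; table names, columns, score formula and sample rows are assumptions.
SCHEMA = """
CREATE TABLE business_process (        -- maintained by the product owner
  id INTEGER PRIMARY KEY, name TEXT NOT NULL, owner TEXT NOT NULL,
  impact INTEGER NOT NULL CHECK (impact BETWEEN 1 AND 5));
CREATE TABLE residual_vulnerability (  -- maintained by security
  id INTEGER PRIMARY KEY, process_id INTEGER NOT NULL REFERENCES business_process(id),
  description TEXT NOT NULL, source TEXT NOT NULL CHECK (source IN ('baseline', 'threat')),
  severity INTEGER NOT NULL CHECK (severity BETWEEN 0 AND 5));
CREATE TABLE threat (                  -- only threats that "stick to us"
  id INTEGER PRIMARY KEY, name TEXT NOT NULL,
  likelihood INTEGER NOT NULL CHECK (likelihood BETWEEN 1 AND 5));
CREATE TABLE vulnerability_threat (    -- link table, so no threat text is repeated per row
  vulnerability_id INTEGER REFERENCES residual_vulnerability(id),
  threat_id INTEGER REFERENCES threat(id), PRIMARY KEY (vulnerability_id, threat_id));
CREATE TABLE risk_treatment (
  id INTEGER PRIMARY KEY, vulnerability_id INTEGER NOT NULL REFERENCES residual_vulnerability(id),
  measure TEXT NOT NULL, owner TEXT NOT NULL, due TEXT NOT NULL);
"""
# Risk = asset (impact) x vulnerability (severity) x threat (likelihood); a baseline finding
# with no linked threat gets likelihood 1 so one formula serves both kinds of row (assumption).
REGISTER = """
SELECT p.name, v.description, v.source,
       p.impact * v.severity * COALESCE(MAX(t.likelihood), 1) AS score
FROM residual_vulnerability v
JOIN business_process p ON p.id = v.process_id
LEFT JOIN vulnerability_threat vt ON vt.vulnerability_id = v.id
LEFT JOIN threat t ON t.id = vt.threat_id
GROUP BY v.id ORDER BY score DESC, v.id;
"""

def build_sample_db():
    """In-memory database filled with constructed sample rows (not real findings)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO business_process VALUES (?, ?, ?, ?)", [
        (1, "customer payout approval", "po-payments", 5),
        (2, "internal expense claims", "po-backoffice", 2)])
    conn.executemany("INSERT INTO residual_vulnerability VALUES (?, ?, ?, ?, ?)", [
        (1, 1, "MFA not enforced on admin console", "baseline", 4),
        (2, 1, "browser sessions not bound to the device", "threat", 3),
        (3, 2, "no periodic access review", "baseline", 4)])
    conn.executescript("INSERT INTO threat VALUES (1, 'info stealer on a staff endpoint', 4);"
                       "INSERT INTO vulnerability_threat VALUES (2, 1);")
    conn.execute("INSERT INTO risk_treatment VALUES (1, 2, 'device-bound sessions', 'security', '2024-Q3')")
    return conn
def risk_register(conn):
    """Risk register joined from the normalized tables, highest score first."""
    return conn.execute(REGISTER).fetchall()
```

`risk_register` returns the finding with a linked threat first (score 60), then the two baseline findings (20 and 8), with each table keeping a single owner and the threat text stored once.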

Slide 38

Slide 38 text

Year 1: quickly pick the crown jewels
- Work backwards from the weekly, monthly and quarterly management meetings, customer interviews, past statements by executives and so on to infer which data seems to matter most
- Get business process flows from each product owner and grasp them roughly
  - Add 5W1H myself where needed
  - Where nothing exists, write it myself
- Ask the division heads and the executives to pick the most important assets
- Dig deep into the processes around them

Slide 39

Slide 39 text

Year 1: roughly decide the threat scope. Deliberately accepted that this part depends on individuals and chose not to formalize it.

Slide 40

Slide 40 text

Background: for now we lean towards Info Stealer-type attack paths

Slide 41

Slide 41 text

Year 1: from residual vulnerability inventory to annual risk treatment
- Basically everything done by one person
  - Residual vulnerability inventory through risk assessment: ken5
  - Risk assessment through annual risk treatment: the teams on the ground + ken5
- Few customers and a service still starting out, so the architecture was simple too (could be understood at the implementation level)

Slide 42

Slide 42 text

Year 2 onwards

Slide 43

Slide 43 text

!?

Slide 44

Slide 44 text

- Bakuraku services doubled
  - Simply twice the resources to look at
- Ownership scattered by a complex organizational structure
  - Blockchain division -> Trusted Computing business -> Privacy Tech business -> AI/LLM business
  - A "business" starting from zero roughly every 1.5 years

Slide 45

Slide 45 text

Year 2: division of responsibility

Slide 46

Slide 46 text

Year 2: writing the handbook

Slide 47

Slide 47 text

Year 2: training
- Business process flows
  - Use what the business already uses
  - Provide a template if none exists
- Residual vulnerabilities
  - Provide the input method and the way of thinking
- Also provide the overall schedule

Slide 48

Slide 48 text

Year 2: training

Slide 49

Slide 49 text

Challenges

Slide 50

Slide 50 text

What isn't working: unresolved
- Linking with the information asset DB
  - Especially want to link to the assets related to the attack surface
  - Integration is difficult because the model is cut somewhat along business process lines

Slide 51

Slide 51 text

What isn't working: unresolved
- Operating the residual vulnerability score
  - Without standardization it is meaningless
  - Combining compliance-style standards (technical measures, FISC security guidelines) with the score may not be working well
  - Meanwhile, a scoring logic shared between server vulnerabilities and vulnerabilities on cloud services (misconfigurations) is hard
    - Vaguely feel it will end up as scores that depend on the asset
    - Smells like an intermediate table is about to be born, but the cognitive load in Notion / Google Sheets is brutal
    - Needs integration with CSPM
  - There is no right answer, so it must be updated, but how to keep consistency with past data after an update?
  - Viewed on a compliance basis, any measure not yet implemented automatically gets the maximum risk score

Slide 52

Slide 52 text

What isn't working: unresolved
- Operating and formalizing threats: did not do it
  - No picture yet of what "digitalizing" threats looks like
  - Used only to narrow the scope
  - Building in the MITRE framework is a lot of work once you cover tactics; as the textbook says, it is hard without automation
  - Probably the right move is to separate a compliance-based team and a threat-based team
    - The former CSIRT, the latter PSIRT? Or a purple team?
  - No picture yet of the organizational structure

Slide 53

Slide 53 text

What isn't working: unresolved
- Granularity and standardization of business process flows? Probably not possible...
- Getting product owners involved
- Migration when the schema is updated
- Granularity of treatment... too long? Because treatment is considered as one set with the assessment?
- Timeline and resources: uses up all of Q1 to Q2. Same as above: the scope of the assessment?

Slide 54

Slide 54 text

What wasn't working: solved
- Ultra-long Excel
  - A certain department would never, ever do it
  - Building it into the assessment
  - Partly solved: automation (自働化)

Slide 55

Slide 55 text

← Apply   Casual interview →   ← Chat   DM (X): @ken5scal