ログの話

Transcript

1. Let's talk about logs. Why do we need logs? By

   Hirokazu Yoshida / At Let's all meet#3 / 2022.2.24

2. ϩάͷ࿩Λ͠Α͏ ϩάͬͯͳΜͰඞཁͳͷʁ ٢ాͻΖ͔ͣ / શһू߹#3 / 2022.2.24

3. Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job

   : Security Engineer Community : Security-JAWS Handle Name : fnifni

4. Today's expected audience and their issues • ৘ใγεςϜ୲౰ऀ • ηΩϡϦςΟԿ͔͠ͳ͍ͱෆຯ͍ͱࢥ͏

   • ϩάΛूΊͳ͍ͱ͍͚ͳ͍Β͍͠ 
 →ɹԿΛूΊͨΒྑ͍͔Θ͔ΒΜ • Ͳ͏ͨ͠Β͍͍͔Θ͔ΒΜ͚ͲɺSIEMΛ࢖͑͹͍͍Μ͡Όͳ͍ʁ 
 →ɹͳΜ͔͍͍SIEMͳ͍ͷʁ

5. Today's topic • ͲͷϩάΛूΊͨΒྑ͍͔෼͔Βͳ͍໰୊ • อଘظؒͲ͏͠Α͏໰୊ • ୺຤ૢ࡞ϩά͕ඞཁͩ໰୊

6. What to talk about today and what not to talk

   about • ࠓ೔࿩͢͜ͱ • ϩάΛूΊΔͱ͍͏͜ͱʹର͢ΔϑΝϯμϝϯλϧͳߟ͑ํ΍ 
 Α͋͘Δٙ໰΍՝୊ʹ͓͚Δࢀߟจݙͷ঺հ΍ࣔࠦ • ࿩͞ͳ͍͜ͱ • SIEM͸͜ΕΛ࢖͑͹ྑ͍Ͱ͢ʂ • ͜ͷϩάΛूΊΕ͹େৎ෉ʂ

7. Today's topic • ͲͷϩάΛूΊͨΒྑ͍͔෼͔Βͳ͍໰୊ • อଘظؒͲ͏͠Α͏໰୊ • ୺຤ૢ࡞ϩά͕ඞཁͩ໰୊

8. ͦ΋ͦ΋ ͳΜͰϩάΛूΊΑ͏ͱ ࢥͬͨΜ͚ͩͬʁ

9. ηΩϡϦςΟͷͨΊʹ ඞཁ͔ͩΒ

10. ηΩϡϦςΟͬͯ ୭ͷ੹೚ʹ͓͍ͯ ΍ΔΜ͚ͩͬʁ

11. Responsibility • ܦӦऀ • ܦӦऀ͸ɺαΠόʔηΩϡϦςΟϦεΫΛೝࣝ͠ɺϦʔμʔγοϓʹ ΑͬͯରࡦΛਐΊΔ͜ͱ͕ඞཁ • ࣗࣾ͸໪࿦ͷ͜ͱɺϏδωεύʔτφʔ΍ҕୗઌ΋ؚΊͨαϓϥΠ νΣʔϯʹର͢ΔηΩϡϦςΟରࡦ͕ඞཁ •

    ฏ࣌ٴͼۓٸ࣌ͷ͍ͣΕʹ͓͍ͯ΋ɺαΠόʔηΩϡϦςΟϦεΫ΍ର ࡦʹ܎Δ৘ใ։ࣔͳͲɺؔ܎ऀͱͷద੾ͳίϛϡχέʔγϣϯ͕ඞཁ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

12. Responsibility • ܦӦऀ • ৘ใηΩϡϦςΟରࡦ͸ɺܦӦʹେ͖ͳӨڹΛ༩͑·͢ • ରࡦͷෆඋʹΑΓɺܦӦऀ͕๏తɾಓٛత੹೚Λ໰ΘΕΔ • ૊৫ͱͯ͠ରࡦ͢ΔͨΊʹɺ୲౰ऀ΁ͷࢦ͕ࣔඞཁ https://www.ipa.go.jp/security/keihatsu/sme/guideline/

13. ܦӦऀ͸ͦͷ੹೚ʹج͍ͮͯ ηΩϡϦςΟରࡦͷࢦࣔΛग़͍ͯ͠Δ

14. Responsibility • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ5ʳαΠόʔηΩϡϦςΟϦεΫʹରԠ͢ΔͨΊͷ࢓૊Έͷߏங • ʢલུʣٕज़తͳऔ૊Λߦ͍ͬͯͨͱͯ͠΋ɺ߈ܸͷݕ஌ɾ෼ੳͱͦΕʹجͮ͘ ରԠ͕Ͱ͖ΔΑ͏ɺద੾ͳӡ༻͕ߦΘΕ͍ͯͳ͚Ε͹ɺαΠόʔ߈ܸͷঢ়گΛਖ਼ ֬ʹ೺Ѳ͢Δ͜ͱ͕Ͱ͖ͣɺ߈ܸऀʹ૊৫಺ͷॏཁ৘ใΛ઄औ͞ΕΔͳͲͷɺக ໋తͳඃ֐ʹൃల͢ΔڪΕ͕͋Δɻ

    • ʲରࡦྫʳΞΫηεϩά΍௨৴ϩά౳͔ΒαΠόʔ߈ܸΛ؂ࢹɾݕ஌͢Δ࢓૊Έ Λߏங͢Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

15. Responsibility • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ7ʳΠϯγσϯτൃੜ࣌ͷۓٸରԠମ੍ͷ੔උ • ۓٸ࣌ʹ͓͍ͯɺҎԼΛ࣮ࢪͰ͖ΔΑ͏ͳରԠମ੍Λߏங͢Δɻ • αΠόʔ߈ܸʹΑΔඃ֐Λड͚ͨ৔߹ɺඃ֐ݪҼͷಛఆ͓ΑͼղੳΛ଎ ΍͔ʹ࣮ࢪ͢ΔͨΊɺ଎΍͔ͳ֤छϩάͷอશ΍ײછ୺຤ͷ֬อ౳ͷূ

    ڌอશ͕ߦ͑Δମ੍Λߏங͢Δͱͱ΋ʹɺؔ܎ػؔͱͷ࿈ܞʹΑΔௐࠪ ͕ߦ͑ΔΑ͏ࢦࣔ͢Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

16. ηΩϡϦςΟΛ ߟ͑ͳ͍ͱ͍͚ͳ͍ൣғ ͬͯԿͩΖ͏ʁ

17. ηΩϡϦςΟΛߟ͑Δൣғ 
 ʹ Ϗδωε͕ߦΘΕ͍ͯΔൣғ

18. Ϗδωε͕ߦΘΕ͍ͯΔൣғ͢΂ͯʹ ηΩϡϦςΟରࡦʢϩάͷऔಘʣ͠ͳ͍ͱ ͍͚ͳ͍ͷʁ

19. ·͊ɺམͪண͍ͯ

20. Responsibility • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ̐ʳ 
 αΠόʔηΩϡϦςΟϦεΫͷ೺ѲͱϦεΫରԠʹؔ͢Δܭըͷࡦఆ • اۀͷܦӦઓུʹج͖ͮɺ֤اۀͷঢ়گʹԠͨ͡ద੾ͳϦεΫରԠ Λ࣮ࢪ͠ͳ͚Ε͹ɺա౓ͳରࡦʹΑΓ௨ৗͷۀ຿਱ߦʹࢧোΛ͖ͨ

    ͢ͳͲͷෆ౎߹͕ੜ͡ΔڪΕ͕͋Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

21. Responsibility • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ̐ʳରࡦྫ • ૊৫ʹ͓͚Δ৘ใͷ͏ͪɺܦӦઓུͷ؍఺͔ΒकΔ΂͖৘ใΛಛఆ ͠ɺͦΕΒ͕Ͳ͜ʹอଘ͞Ε͍ͯΔ͔Λ೺Ѳ͢Δɻ • कΔ΂͖৘ใʹରͯ͠ɺൃੜ͠͏ΔαΠόʔηΩϡϦςΟϦεΫʢྫ

    ͑͹ɺܦӦઓ্ུॏཁͳӦۀൿີͷྲྀग़ʹΑΔଛ֐ʣΛ೺Ѳ͢Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

22. ཁ͸ ϙΠϯτΛߜͬͯରࡦ͠Α͏ ͱݴ͏࿩

23. ϦεΫͷ೺ѲͬͯݴΘΕͯ΋ Ͳ͏΍ͬͨΒ͍͍ͷʁ

24. Responsibility • ϦεΫΞηεϝϯτख๏ͷ୅දྫ • ϕʔεϥΠϯΞϓϩʔν • ৄࡉϦεΫ෼ੳ ੍ޚγεςϜͷηΩϡϦςΟϦεΫ෼ੳΨΠυ ୈ2൛ ʙηΩϡϦςΟରࡦʹ͓͚ΔϦεΫΞηεϝϯτͷ࣮ࢪͱ׆༻ʙ

    https://www.ipa.go.jp/security/controlsystem/riskanalysis.html • ૊Έ߹Θͤํࣜ • ඇܗࣜΞϓϩʔν

25. Responsibility • ϦεΫΞηεϝϯτख๏ͷ୅දྫ • ϕʔεϥΠϯΞϓϩʔν • ৄࡉϦεΫ෼ੳ ੍ޚγεςϜͷηΩϡϦςΟϦεΫ෼ੳΨΠυ ୈ2൛ ʙηΩϡϦςΟରࡦʹ͓͚ΔϦεΫΞηεϝϯτͷ࣮ࢪͱ׆༻ʙ

    https://www.ipa.go.jp/security/controlsystem/riskanalysis.html • ૊Έ߹Θͤํࣜ • ඇܗࣜΞϓϩʔν

26. Responsibility • ϦεΫΞηεϝϯτख๏ͷ୅දྫ • ϕʔεϥΠϯΞϓϩʔν • ৄࡉϦεΫ෼ੳ ੍ޚγεςϜͷηΩϡϦςΟϦεΫ෼ੳΨΠυ ୈ2൛ ʙηΩϡϦςΟରࡦʹ͓͚ΔϦεΫΞηεϝϯτͷ࣮ࢪͱ׆༻ʙ

    https://www.ipa.go.jp/security/controlsystem/riskanalysis.html • ૊Έ߹Θͤํࣜ • ඇܗࣜΞϓϩʔν

27. Responsibility • ϦεΫΞηεϝϯτख๏ͷ୅දྫ • ϕʔεϥΠϯΞϓϩʔν • ৄࡉϦεΫ෼ੳ ੍ޚγεςϜͷηΩϡϦςΟϦεΫ෼ੳΨΠυ ୈ2൛ ʙηΩϡϦςΟରࡦʹ͓͚ΔϦεΫΞηεϝϯτͷ࣮ࢪͱ׆༻ʙ

    https://www.ipa.go.jp/security/controlsystem/riskanalysis.html • ૊Έ߹Θͤํࣜ • ඇܗࣜΞϓϩʔν

28. Responsibility • ϦεΫΞηεϝϯτख๏ͷ୅දྫ • ϕʔεϥΠϯΞϓϩʔν • ৄࡉϦεΫ෼ੳ ੍ޚγεςϜͷηΩϡϦςΟϦεΫ෼ੳΨΠυ ୈ2൛ ʙηΩϡϦςΟରࡦʹ͓͚ΔϦεΫΞηεϝϯτͷ࣮ࢪͱ׆༻ʙ

    https://www.ipa.go.jp/security/controlsystem/riskanalysis.html • ૊Έ߹Θͤํࣜ • ඇܗࣜΞϓϩʔν

29. ͭ·Γ ೺Ѳͨ͠ϦεΫͷରԠࡦͷҰ෦͕ ϩάऔಘɾ෼ੳͱ͍͏खஈͰ͋Γɺ ໌֬ͳ໨తʹج͍ͮͯऩू͢Δ ͱ͍͏͜ͱ

30. ͱ͸ݴ͑ɺ ͦΜͳ͜ͱ΍ͬͯͨΒ ؒʹ߹Θͳ͍ͬ͢Α

31. Կʹؒʹ߹Θͳ͍ͷʁ

32. A common story • Ϗδωεͷཁٻ΍ࣄ৘ʹΑͬͯɺ͜ΕΒͷਅͬ౰ͳΞϓϩʔν͕ؒʹ ߹Θͳ͍͜ͱ͸͋Δ • ࣾ௕͕͍ͭ·Ͱʹxxͱ͍͏ೝূΛऔΔͱܾΊͯ͠·ͬͨ • ϏδωεͷεςʔΫϗϧμʔ͕ɺ͜Ε͔Β݁Ϳܖ໿ͷͨΊʹɺ

    
 ೝূͷऔಘΛཁٻ͍ͯ͠Δ • ۩ମతʹࠔ͍ͬͯΔ͜ͱ͕͋Γɺۀ຿ʹࢧো͕ग़͍ͯΔ

33. ޻෉ͷ༨஍͸͋Δ

34. We can be creative • ϦεΫ෼ੳ • ඇܗࣜΞϓϩʔνɺείʔϓΛߜͬͨৄࡉϦεΫ෼ੳ • ϦεΫʹجͮ͘ରࡦʢͷҰ෦ʣͱͯ͠ɺඞཁͳϩάͷબ୒

    • ʮͲ͜ʹ͋ΔɺͲΜͳܗࣜͷϩάΛɺͲ͏Ͱ͖ͨΒউͪʯͷ 
 ετʔϦʔΛ࡞Δ • ର৅ϩάͷ୯Ґ࣌ؒͷൃੜྔͷ֬ೝͱอଘظؒͷܾఆ

35. We can be creative • ΋͠΋SIEMΛ࢖͏ͳΒ • औಘର৅ϩάͷιʔεͱͷܨ͗ࠐΈͷ೉қ౓ • Ͱ͖Ε͹ɺεϞʔϧελʔτՄೳͳ੡඼

    • ݪຊอ؅ʹ΋ཹҙ

36. طʹΊͪΌͪ͘Ό ϩάΛूΊͪΌͬͯΔΜ͚ͩͲ ʢ͋Γ͗ͯ͢Α͘Θ͔ΒΜʣ

37. Let's get to work • ϦεΫ෼ੳ • ૊Έ߹ΘͤΞϓϩʔνʹඇܗࣜΞϓϩʔνΛ௥Ճ • ϦεΫʹجͮ͘ରࡦʢͷҰ෦ʣͱͯ͠ɺඞཁͳϩάͷબผ

    • ʮͲ͜ʹ͋ΔɺͲΜͳܗࣜͷϩάΛɺͲ͏Ͱ͖ͨΒউͪʯͷ 
 ετʔϦʔΛ࡞ͬͯɺͲΕ͚ͩͰ͖͍ͯΔ͔ͷ֬ೝ • औಘ͍ͯ͠Δϩάͷաෆ଍Λௐ੔͢Δ

38. ϩάʹ͸ͲΜͳ৘ใ͕ ؚ·ΕΔඞཁ͕͋Δͷʁ

39. Reference Information • ISO 27002 - 12.4.1 Πϕϯτϩάऔಘ 
 ʲ࣮ࢪͷखҾʳؔ࿈͕͋Δ৔߹͸ɼ࣍ͷࣄ߲ΛΠϕϯτϩάʹؚΊΔ͜ͱ͕๬·͍͠ɻ

    
 ɹa) ར༻ऀID 
 ɹb) γεςϜͷಈ࡞ 
 ɹc) ओཁͳΠϕϯτͷ೔࣌ٴͼ಺༰ʢྫ͑͹ɼϩάΦϯɼϩάΦϑʣ 
 ɹd) ૷ஔͷIDຢ͸ॴࡏ஍ʢՄೳͳ৔߹ʣɼٴͼγεςϜͷࣝผࢠ 
 ɹe) γεςϜ΁ͷΞΫηεͷɼ੒ޭٴͼࣦഊͨ͠ࢼΈͷه࿥ 
 ɹf) σʔλٴͼଞͷࢿݯ΁ͷΞΫηεͷɼ੒ޭٴͼࣦഊͨ͠ࢼΈͷه࿥ 
 ɹg) γεςϜߏ੒ͷมߋ

40. Reference Information • ISO 27002 - 12.4.1 Πϕϯτϩάऔಘ 
 ʲ࣮ࢪͷखҾʳؔ࿈͕͋Δ৔߹͸ɼ࣍ͷࣄ߲ΛΠϕϯτϩάʹؚΊΔ͜ͱ͕๬·͍͠ɻ

    
 ɹh) ಛݖͷར༻ 
 ɹi) γεςϜϢʔςΟϦςΟٴͼΞϓϦέʔγϣϯͷར༻ 
 ɹj) ΞΫηε͞ΕͨϑΝΠϧٴͼΞΫηεͷछྨ 
 ɹk) ωοτϫʔΫΞυϨεٴͼϓϩτίϧ 
 ɹl) ΞΫηε੍ޚγεςϜ͕ൃͨ͠ܯใ 
 ɹm) อޢγεςϜʢྫ͑͹ɼ΢ΟϧεରࡦγεςϜɼ৵ೖݕ஌γεςϜʣͷ࡞ಈٴͼఀࢭ 
 ɹn) ΞϓϦέʔγϣϯʹ͓͍ͯར༻ऀ͕࣮ߦͨ͠τϥϯβΫγϣϯͷه࿥

41. Today's topic • ͲͷϩάΛूΊͨΒྑ͍͔෼͔Βͳ͍໰୊ • อଘظؒͲ͏͠Α͏໰୊ • ୺຤ૢ࡞ϩά͕ඞཁͩ໰୊

42. ϩάΛͲΕ͘Β͍ͷظؒ อଘ͢Ε͹͍͍ͷʁ

43. ΢ν͸ӬٱอଘͳΜͰ͢Θ

44. ͲͷΈͪ อଘظؒʹ͍ͭͯ ࠜڌͷઆ໌͕ඞཁ

45. Responsibility • ͓͓Αͦ3ϲ݄~1೥ • ΞϯέʔτͰ͸1~3೥ اۀʹ͓͚Δ৘ใγεςϜͷϩά؅ཧʹؔ͢ Δ࣮ଶௐࠪ - ௐࠪใࠂॻ -

    https://www.ipa.go.jp/ fi les/000052999.pdf

46. Other considerations • ϩάͷอଘʹ͸ਓతɾۚમతίετ͕͍ͭͯճΔ • શͯͷϩάΛ3೥ΑΓ௕ظอ؅͢Δʹ͸ࠜڌ͕ݫ͍͠ • ࣗ෼͕ͨͪऔΓѻ͏σʔλ΍܎ΘΔεςʔΫϗϧμʔɺϏδωε ؀ڥʹԠͯ͡อଘظؒΛνϣΠε͢Δͷ͕߹ཧత •

    e-σΟεΧόϦʔʹجͮ͘ిࢠతͳূڌอશʹ͍ͭͯҙࣝ͢Δඞ ཁ͕͋ΔʢλΠϜελϯϓ΍ݪຊੑͷอূɺจॻԽ͞Εͨ࡟আʣ

47. Other considerations • อଘظؒΛ௕͘͢Δ৔߹ɺSIEMͷଞʹอଘ৔ॴͷ༻ҙ͕ඞཁ • Ϋϥ΢υܕSIEMͷอଘظؒ͸90೔ʙ2೥ఔ౓͕ଟ͍ • ஷΊͨϩάΛΞοϓϩʔυऔΓࠐΈ͢Δػೳ͕ඞཁͩͬͨΓɺ 
 ผͷख๏Ͱ෼ੳͰ͖Δඞཁ͕͋Δ

    • ஞ࣍ྲྀೖํࣜͷSIEMʹอଘͨ͠ϩάΛϩʔυ͢Δͷ͸όουϊ΢ϋ΢

48. Today's topic • ͲͷϩάΛूΊͨΒྑ͍͔෼͔Βͳ͍໰୊ • อଘظؒͲ͏͠Α͏໰୊ • PCૢ࡞ϩά͕ඞཁͩ໰୊

49. PCૢ࡞ϩάΛऔΓ͍ͨΜͰ͢Α

50. ԿͷͨΊʹʁ

51. ಺෦ෆਖ਼΍৘ใͷ࣋ͪग़͠ɺ 
 αʔϏε࢒ۀΛݟ͚͍ͭͨΜͰ͢

52. ؾ࣋ͪ͸෼͔Δ

53. Common terminal operation logs • PCͷϩάΠϯɺϩάΞ΢τɺϩοΫ(ղআ)࣌ࠁͷه࿥ • ΞΫηεͨ͠αΠτͷURL΍ϒϥ΢βλϒද໊ࣔͷه࿥ • Open,

    Delete, Edit, Copy, Move, Rename, Print౳Λߦͬͨ 
 ϑΝΠϧ໊ͱอଘઌͷه࿥ • ىಈͨ͠ΞϓϦέʔγϣϯ໊ͷه࿥

54. ͜ΕΒͷϩά͕औΕͨΒ ղܾ͢Δͷʁ

55. Is it really a solution? • PCͷϩάΠϯɺϩάΞ΢τɺϩοΫ(ղআ)࣌ࠁͷه࿥ • ࢓ࣄΛ͍ͯ͠Δ͔൱͔ͷڥ໨͕ᐆດ •

    WebΛݟ͍ͯΔ͚͔ͩ΋͠Εͳ͍͠ɺফ͠๨Ε͔΋͠Εͳ͍ • ૢ࡞಺༰͔Βػցతʹۀ຿ɾۀ຿֎Λ൑ผ͢Δ͜ͱ͸ࠔ೉ • ਓͷ౎߹ɾෆ౎߹Λ዁౓ͯ͘͠ΕΔγεςϜͳΜ͔ͳ͍

56. αʔϏε࢒ۀରࡦͷ໨తͳΒ 
 ຊ࣭తʹ͸࢒ۀ୅ࢧ෷੍͍౓ͷ ڭҭͷపఈͱಁ໌ੑ͕ےͳͷͰ͸

57. Is it really a solution? • Open, Delete, Edit, Copy,

    Move, Rename, Print౳Λߦͬͨ 
 ϑΝΠϧ໊ͱอଘઌͷه࿥ • ۀ຿ʹ͓͚ΔUSBϝϞϦͷར༻͸શһʹඞཁʁ 
 →ɹΫϥ΢υετϨʔδͷར༻ͰUSBϝϞϦར༻ΛہॴԽͰ͖ΔͷͰ͸ • औಘͨ͠ͱ͜ΖͰɺ৘ใ࣋ͪग़͠ʹରԠͰ͖Δύλʔϯ͸ݶఆత 
 →ɹ৘ใ࣋ͪग़͠͸PC্Ͱ͚ͩߦΘΕΔͷʁ

58. Inconvenient facts • SaaS࿈ܞ(OAuthΞϓϦ) • ೝূΛ௨ͤ͹ɺϢʔβʔϨϕϧͷೝՄൣғͰσʔλ࣋ͪग़͠Մೳ 
 →ɹࣾ༗Ϋϥ΢υετϨʔδͱࢲ෺Ϋϥ΢υετϨʔδͷσʔλ࿈ܞ 
 →ɹνϟοτʹBotΛઃఆͯ͠ɺผͷSaaSʹձ࿩ͱϑΝΠϧΛԣྲྀ͠

    • PCϩʔΧϧͷΫϥ΢υετϨʔδ౷߹ • ར༻͸ೝΊΒΕ͍ͯΔ͕ɺ઀ଓઌΛࢲ෺Ϋϥ΢υετϨʔδʹ੾Γସ͑Մೳ

59. ࢥߟఀࢭͯ͠·ͤΜ͔ʁ

60. Responsibilityʢ࠶ܝʣ • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ̐ʳ 
 αΠόʔηΩϡϦςΟϦεΫͷ೺ѲͱϦεΫରԠʹؔ͢Δܭըͷࡦఆ • اۀͷܦӦઓུʹج͖ͮɺ֤اۀͷঢ়گʹԠͨ͡ద੾ͳϦεΫରԠ Λ࣮ࢪ͠ͳ͚Ε͹ɺա౓ͳରࡦʹΑΓ௨ৗͷۀ຿਱ߦʹࢧোΛ͖ͨ

    ͢ͳͲͷෆ౎߹͕ੜ͡ΔڪΕ͕͋Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

61. Responsibilityʢ࠶ܝʣ • ܦࡁ࢈ۀলʮαΠόʔηΩϡϦςΟܦӦΨΠυϥΠϯʯΑΓ • ʲࢦࣔ̐ʳରࡦྫ • ૊৫ʹ͓͚Δ৘ใͷ͏ͪɺܦӦઓུͷ؍఺͔ΒकΔ΂͖৘ใΛಛఆ ͠ɺͦΕΒ͕Ͳ͜ʹอଘ͞Ε͍ͯΔ͔Λ೺Ѳ͢Δɻ • कΔ΂͖৘ใʹରͯ͠ɺൃੜ͠͏ΔαΠόʔηΩϡϦςΟϦεΫʢྫ

    ͑͹ɺܦӦઓ্ུॏཁͳӦۀൿີͷྲྀग़ʹΑΔଛ֐ʣΛ೺Ѳ͢Δɻ https://www.meti.go.jp/policy/netsecurity/download fi les/guide2.0.pdf

62. ॏཁσʔλͷॴࡏΛ೺Ѳ͠ ϦεΫʹԠͨ͡ରࡦΛ͢Δ ͱ͍͏ࢦࣔͰ͋ͬͯ PCૢ࡞ϩάΛऔΕͱ͸ݴΘΕ͍ͯͳ͍

63. ཈͑Δ΂͖͸ σʔλͷྲྀ௨Ͱ͋ͬͯ PCૢ࡞͸ͦͷҰ෦ʹա͗ͳ͍

64. Distribution of data

65. Attention • PCૢ࡞ϩάͷऔಘΛ׬શ൱ఆ͢Δ࿩Ͱ͸͋Γ·ͤΜ • ໨తʹରͯ͠ɺखஈ͕ਖ਼͍͠Ͱ͔͢ʁ 
 ଞʹ΍Γํ͕͋ΔΜ͡Όͳ͍Ͱ͔͢ʁ 
 είʔϓ͸ਖ਼͍͠Ͱ͔͢ʁͱ͍͏࿩ •

    Ұ෦ͷಛݖૢ࡞΍ػີ౓ͷߴ͍ॏཁ৘ใΛૢ࡞͢ΔPCͰ͸ɺ 
 ݫ੍͍͠ݶઃఆΛࢪ্ͨ͠Ͱɺ୺຤ૢ࡞ϩά΍୺຤ૢ࡞Λ࿥ըΛऔಘ͢Δ͜ ͱ͸ඞཁ

66. conclusion • ॏཁ৘ใͷॴࡏ΍ϦεΫ෼ੳ݁ՌͳͲͷࠜڌʹج͍ͮͯɺ 
 ετʔϦʔΛ࡞Γɺؔ܎͢ΔϩάΛબผɾऔಘ͢Δ • Ϗδωεͷಛੑ΍ѻ͏৘ใɺ४ڌ͢΂͖ن੍ʹج͍ͮͯɺ 
 ߹ཧతͳอଘظؒΛઃఆ͠ɺͦͷͱ͓Γʹӡ༻͢Δʢಁ໌ੑʣ •

    ཈͑Δ΂͖͸PCͰ͸ͳ͘ɺσʔλͷྲྀ௨

67. Thank you !