1. What is a security engineer?
1.1 Definition of a security engineer
A security engineer is an IT professional responsible for protecting an organization's information systems and data. Their core job is to secure computer systems, networks and web services. Because the role has to keep pace with the latest attack techniques in order to protect the company's valuable information, it demands continuous learning of new knowledge.
Their work covers a wide range: designing and implementing defensive measures, assessing and managing vulnerabilities, and responding when a security incident occurs.
Security engineers play a critical role in maintaining a company's digital assets and in helping the organization meet challenges such as regulatory compliance, incident response and vulnerability management.
1.2 Day-to-day work of a security engineer
The daily work of a security engineer includes drafting and reviewing security policies, assessing systems for vulnerabilities, and monitoring and responding to security alerts. These tasks are essential to protecting the company's data and preventing leaks of confidential information.
Operating and managing a variety of security tools, training staff in security, and supporting audits are also important tasks. Through this work, security engineers act as the organization's barrier against cyberattacks.
Security engineers also evaluate systems from an attacker's point of view in order to identify, assess and mitigate latent risks. This activity, also called "penetration testing" or a "red team exercise", is an important way of verifying that the organization's security measures are actually effective.
1.3 Career paths for security engineers
Security engineers' career paths are diverse. Some engineers concentrate on specific technical methods for protecting the organization's systems and data; these specialists may be called network security engineers, software security engineers, or cloud security engineers, among other titles.
Other security engineers take on the role of formulating the organization-wide security strategy and aligning security with business goals. They often work in positions such as CISO (Chief Information Security Officer) or security manager.
Some specialists also go independent, working as freelance security consultants or engineers. These engineers join projects for a variety of clients and apply their security expertise across them.
1.4 How security engineers differ from other IT engineers
By the nature of the role, security engineers share part of their skill set with other IT engineers, but they also have distinct roles and responsibilities. The most important of these is ensuring the organization's information security.
Whereas other IT engineers focus mainly on a system's functionality, performance and usability, security engineers give the highest priority to its security, because protecting data and managing the organization's risk are their primary concerns.
In addition, security engineers are expected to follow the latest threat intelligence, understand attackers' tactics and techniques, and devise new countermeasures against them. A general IT engineer, by contrast, is expected only to keep their professional skills current as technology evolves.
2. Job duties of a security engineer
A security engineer is a specialist who secures computer systems and networks and protects the organization from a variety of security risks. The work is broad, spanning system and network security, security assessments and improvement proposals, and emergency response.
2.1 Securing systems
Securing systems is one of the key duties a security engineer is responsible for. It means checking whether computer systems are protected from compromise and unauthorized access, and updating security settings as needed.
When a new system is introduced, the security engineer is involved from the design stage and guides the design so that it meets the security requirements.
Existing systems are also audited periodically for their security posture, and when problems are found the engineer proposes corrective measures.
2.2 Securing the network
Network security is essential for sending and receiving information safely. The engineer puts measures in place to protect the network from threats such as phishing attacks and hacking.
Concretely, this includes configuring and tuning firewalls, detecting and countering unauthorized access, and deploying and updating anti-virus software.
Writing guidelines and providing training on safe use of the network are also important parts of the job.
2.3 Security assessments and improvement proposals
Security engineers periodically assess the security of systems and networks and propose improvements based on the results.
Assessments include vulnerability assessments and penetration tests; the main tasks are discovering new security risks and proposing countermeasures.
Reviewing current security policies and protocols is also part of this work, and as part of it the engineer learns and applies the latest security technologies.
2.4 Emergency response
Security engineers are also responsible for emergency response when an unexpected security incident occurs.
The main tasks here are investigating the cause of the incident, determining the scope of its impact, planning and carrying out countermeasures, and drawing up measures to prevent recurrence.
Such emergency response is one of the security engineer's most important roles, because it is what keeps serious impact on the organization as a whole to a minimum.
3. Skills a security engineer needs
The skills a security engineer should have are very broad, because the job itself is multifaceted. Here we look at four main skill sets.
3.1 Programming ability
The most fundamental skill is programming. By being able to work in a variety of programming languages, a security engineer gains the ability to identify, analyze and resolve security threats in software.
Python, Java and C++ in particular are important languages that come up frequently in security work. Using them helps with building, managing and debugging security systems.
That said, there is no need to master every language at once. Pick one first and expand your skills from there.
3.2 Networking knowledge
A security engineer has to understand how networks work in order to protect them. Familiarity with IP addressing and network protocols such as TCP/IP, HTTP and SSL is therefore essential.
In addition, network administration skills such as managing network devices (routers, switches and so on) and analyzing traffic are needed.
This knowledge is indispensable for detecting potential security risks early and handling them appropriately.
3.3 Security knowledge
Specialized security knowledge is also part of a security engineer's basic skill set. This includes encryption technology, authentication protocols, and intrusion detection systems (IDS).
Security management tasks such as designing security policies, assessing vulnerabilities and assessing risk are further areas to master.
Tracking the latest security trends and threats, and using that information to plan security measures in advance, is also an important part of the role.
3.4 Communication skills
It may come as a surprise, but communication skills are indispensable for a security engineer. They have to work with a variety of stakeholders across the organization to raise awareness of security risks and get countermeasures carried out.
In particular, the ability to explain technical matters in a way non-technical people can understand is very important. It lets everyone raise their security awareness and helps secure the organization as a whole.
Teamwork and project management skills are also important factors in being a successful security engineer.
4. Certifications for security engineers
Certifications play an important role in demonstrating that you have the skills expected of a security engineer. Below, the main certifications considered useful for security engineers are explained in detail.
Obtaining these certifications gets an engineer's expertise and technical ability recognized and can widen employment opportunities. They also give you a head start on the skills needed in each area of the security industry.
Each certification requires different knowledge and skills, so it is important to choose the one that best fits your own career goals.
4.1 CISSP (Certified Information Systems Security Professional)
CISSP is an advanced examination that certifies professionals with broad knowledge of information protection. The exam covers the entire information protection process.
An engineer holding the CISSP has demonstrated a wide range of skills, including designing security policies, building information-system frameworks, and managing risk.
Obtaining this certification raises your credibility and standing as a specialist in the security industry.
4.2 CEH (Certified Ethical Hacker)
CEH is a certification aimed at engineers who want to understand hacking techniques and the hacker's way of thinking and use that understanding to improve system security.
An engineer holding the CEH has demonstrated the ability to understand the threat of security breaches and to devise appropriate countermeasures against them.
Because this certification teaches how to find vulnerabilities from a hacker's perspective and how to fix them, it is worth obtaining to raise your skills as a security engineer.
4.3 CompTIA Security+
CompTIA Security+ is a certification that demonstrates foundational IT security knowledge and skills. It shows the ability to solve the problems encountered in day-to-day IT security work.
The exam's main topics are network security, understanding of cryptography, access management, identity verification, and risk assessment.
CompTIA Security+ is regarded as an ideal certification for starting a career as a security engineer.
4.4 CCSP (Certified Cloud Security Professional)
CCSP is a certification that demonstrates expertise in cloud computing security. It shows an understanding of risk management and data security in cloud environments.
The exam covers cloud architecture and design, cloud data security, and cloud platform and infrastructure security, among other topics.
As cloud services spread rapidly, the CCSP has come to be highly valued for security professionals.
5. How to study to become a security engineer
To become a security engineer you need to acquire a broad range of knowledge and skills. This section explains the main approaches to study you should pursue.
We propose four approaches in particular: acquiring basic security knowledge, learning programming skills for a deeper understanding, understanding real-world threats, and obtaining certifications.
To become an excellent security engineer, it is important to start from the basics and grow steadily, one step at a time.
5.1 Learning the fundamentals of security
It is important to understand the basic concepts of security and be able to explain what they are. Good topics to study are network security, encryption, authentication methods, and operating system security.
Many textbooks and online materials are available and help broaden your knowledge. Using tools that simulate real security scenarios will deepen your understanding further.
This basic knowledge is what it takes to keep the world's IT infrastructure safe.
5.2 Acquiring programming skills
Programming is essential to succeeding as a security engineer. In addition to knowledge of web application security, we recommend mastering at least one programming language.
Specifically, languages such as Python and JavaScript are useful. They are often used for developing security tools, automating tasks, and simulating attacks on web applications.
To understand security more deeply and implement countermeasures more efficiently, acquiring programming skills is a must.
5.3 Understanding typical security threats
Most of the security measures required in practice are countermeasures against typical threats and attack patterns, so it is important to have concrete knowledge of those threats.
For example, you should understand attacks against web applications such as SQL injection, cross-site scripting (XSS) and CSRF, as well as firewall bypass techniques and reverse engineering.
Understanding these threats is effective in building the knowledge and skills to deal with the problems you may face on the job.
5.4 Obtaining security-related certifications
Obtaining industry-recognized certifications helps you succeed as a security engineer. Well-known examples are CompTIA Security+, CISSP and CISM, which require broad, foundational security knowledge.
A certification is proof of the knowledge and skills you have and works in your favor when you apply for jobs. It also serves as a guide for study and can be a powerful tool for self-development.
Continuous learning and keeping certifications current help keep your skills up to date at all times.
6. Future outlook and job market trends
As the internet society advances and more and more information is digitized, the security engineer is a profession that will be needed more than ever in the world to come. Below, the security engineer job market, hiring trends, future outlook, and income are explained in detail.
6.1 The market for security engineers
The market for security engineers has grown rapidly in recent years. More companies and organizations are placing importance on protecting data and information, and demand for security engineers has grown with it.
As IT continues to evolve, new security risks are expected to keep increasing, and as a result the role of the security engineer will become ever more important.
Because the job demands understanding the latest technology trends and continuous learning, security engineers are expected to keep updating their knowledge and skills.
6.2 Hiring trends for security engineers
Looking at hiring trends, demand for security engineers is seen across a wide range of industries. Their skills are especially valued in sectors such as finance, manufacturing, IT and telecommunications.
From startups to large enterprises, awareness of information protection is rising, and demand for security engineers keeps growing. As a result, job postings tend to offer high salaries.
The growth of remote work has also increased the need for cybersecurity, and demand for security engineers is predicted to expand further.
6.3 Future outlook for security engineers
The future outlook for security engineers is extremely good. As IT environments grow more complex, demand for security engineers is expected to keep rising.
In particular, with the adoption of new technologies and the advance of digital transformation, companies are looking to secure specialized security engineers.
However, as the industry keeps evolving, security engineers must continually learn new skills and knowledge and keep themselves up to date.
6.4 Security engineer income
A security engineer's income varies greatly with level of expertise, experience and track record, but it is generally regarded as one of the higher-paying occupations.
The gap between supply and demand is likely to widen further in the future, and incomes are expected to keep rising as a result.
Incidentally, security engineers at large companies generally tend to be paid more than those at small and mid-sized companies.