Last Week Cheatsheet

Domain 1 Quick Rules

  • Tech is last
  • First action = Confirm obligations, assess risk, establish reporting line
  • Choose auditable and defensible options
  • Prefer governance/process controls over ad-hoc fixes
  • Board report = business impact, risk level, required decisions

Domain 2-8 Quick Rules

  • D2 (Asset): Classify -> Owner -> Retention -> Disposal
  • D3 (Architecture): Principle first, product later
  • D4 (Network): Boundary -> Segmentation -> Protected transport
  • D5 (IAM): Identity proofing before entitlement
  • D6 (Assessment): Scope/Authorization before testing
  • D7 (Operations): Safety & Evidence before eradication
  • D8 (Software): Shift-left security in SDLC

10-Second Elimination

  1. Discard immediate action taken without first confirming the basis for it
  2. Discard options where the responsible party is ambiguous
  3. Discard responses that leave no record
  4. Discard options that ignore the legal/contractual perspective

Memory Hook

Legal -> Governance -> Risk -> Process -> Tech

D2 Data | D3 Design | D4 Network | D5 Identity | D6 Test | D7 Operate | D8 Build