Last Week Cheatsheet
Domain 1 Quick Rules
- Tech is last
- First action = Confirm obligations, assess risk, establish reporting line
- Choose auditable and defensible options
- Prefer governance/process controls over ad-hoc fixes
- Board report = business impact, risk level, required decisions
Domain 2-8 Quick Rules
- D2 (Asset): Classify -> Owner -> Retention -> Disposal
- D3 (Architecture): Principle first, product later
- D4 (Network): Boundary -> Segmentation -> Protected transport
- D5 (IAM): Identity proofing before entitlement
- D6 (Assessment): Scope/Authorization before testing
- D7 (Operations): Safety & Evidence before eradication
- D8 (Software): Shift-left security in SDLC
10-Second Elimination
- Discard options that act immediately without confirming the justification
- Discard options where the responsible party is unclear
- Discard responses that leave no record
- Discard options that lack a legal/contractual perspective
Memory Hook
Legal -> Governance -> Risk -> Process -> Tech
D2 Data | D3 Design | D4 Network | D5 Identity | D6 Test | D7 Operate | D8 Build