Microsoft Azure が韓国情報セキュリティ管理システム (K-ISMS) 認定を取得

執筆者: David Burt (Senior Compliance Manager, Azure Trust and Compliance) このポストは、2019 年 1 月 16 日に投稿された Microsoft Azure obtains Korea-Information Security Management System (K-ISMS) certification の翻訳です。   マイクロソフトは、世界中の企業や組織の皆様が国や地域、業界に固有の規制要件に対応できるようにご支援したいと考えています。こうした要件は、個人のデータや社会的機関、重要な技術インフラストラクチャを物理的および論理的に保護するためのものです。Azure は国際的な業界固有のコンプライアンス基準を幅広くサポートしており、このたび新たに、韓国固有の情報管理規制である韓国情報セキュリティ管理システム (K-ISMS) が当社の広範なコンプライアンス ポートフォリオに加わることになりました。 K-ISMS 認定は韓国インターネット振興院 (KISA) (英語) によって導入された制度で、一連の厳格な統制要件を課すことにより、域内のデータのセキュリティとプライバシーの確保を目指しています。この認定の取得により、Azure を利用する韓国のお客様が KISA のコンプライアンス基準を簡単に満たせるようになり、重要なデジタル情報資産の保護に関し、現地法令要件を満たしていることを証明しやすくなります。 KISA は、韓国国内の情報技術インフラストラクチャの保護を目的として K-ISMS を確立しました。企業や組織に適切な情報セキュリティ管理システムの実装および運用を求めることで、効果的なリスク管理を促進し、実績ある優れたセキュリティ施策の適用を可能にします。 K-ISMS の枠組みは、既に効果が認められた各種の情報セキュリティ戦略やポリシーに基づいており、セキュリティ違反の影響を最小限に抑えられるよう、さまざまなセキュリティ対策と脅威への対応手順が組み込まれています。こうした要件は ISO 27001 および 27002 の統制目標と多くの部分が重なりますが、まったく同じというわけではありません。 K-ISMS 認定は韓国の国家行政機関である科学技術情報通信部 (MSIT) によって監督されており、同国の情報通信網法の第…


Infrastructure + Security: Noteworthy News (January, 2019)

Hi there! Stanislav Belov here, and you are reading the next issue of the Infrastructure + Security: Noteworthy News series!   As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis. Microsoft Azure Azure Backup for virtual…


Office 365 Weekly Digest | January 13 – 19, 2019

Welcome to the January 13 – 19, 2019 edition of the Office 365 Weekly Digest. Last week there were eight additions to the Office 365 Roadmap last week, including new features for Microsoft Planner, Microsoft Teams, Outlook on the web, Flow, MyAnalytics, Microsoft Whiteboard for Education, and Microsoft Bookings. There are lots of new events,…


Secure Credentials with Self-Signed Certificates for PowerShell Scripts

Hello everyone, I’m Preston K. Parsard, specializing in Platforms, Azure Infrastructure and Automation topics, and I’d like to share some insights for securing PowerShell credentials using certificates. This post is based on a recent customer project, but we’ll also wrap a story around it on behalf of our made-up friends at our fictitous company Adatum.com….

3

Office 365 Weekly Digest | January 6 – 12, 2019

Welcome to the January 6 – 12, 2019 edition of the Office 365 Weekly Digest. Seven features were added to the Office 365 Roadmap last week, with important updates for Microsoft Teams, Advanced Threat Protection, and Office 365. One Office 365 feature of note is the update for the Office app tile icons on the…


January 2019 Office Update Release

The January 2019 Public Update releases for Office are now available! This month, there are 25 security updates and 19 non-security updates. All of the security and non-security updates are listed in KB article 4484800. A new version of Office 2013 Click-To-Run is available: 15.0.5101.1002 A new version of Office 2010 Click-To-Run is available: 14.0.7228.5000


Office 365 Weekly Digest | December 30, 2018 – January 5, 2019

Happy New Year, and welcome to the December 30, 2018 – January 5, 2019 edition of the Office 365 Weekly Digest. Following the holidays there were just a few additions to the Office 365 Roadmap last week, including updates for Access and SharePoint. The last addition is important for Office 365 Business and Office 365…


Office 365 Weekly Digest | December 30, 2018 – January 5, 2019

Happy New Year, and welcome to the December 30, 2018 – January 5, 2019 edition of the Office 365 Weekly Digest. Following the holidays there were just a few additions to the Office 365 Roadmap last week, including updates for Access and SharePoint. The last addition is important for Office 365 Business and Office 365…


Contextualizing Attacker Activity within Sessions in Exchange Online

Overview The Exchange audit log is an important tool in the defender toolbox to understand the activity of users (or attackers masquerading as users) in an organization. Defenders can manually browse through their audit logs for user activity that indicates malicious activity. These audit logs feed many first-party and third-party protect, detect, and investigate capabilities…


Infrastructure + Security: Noteworthy News (December, 2018)

Hi there! Stanislav Belov here to bring you the next issue of the Infrastructure + Security: Noteworthy News series!   As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis. Microsoft Azure Introducing the new Azure PowerShell…