mobile WG

モバイルユーザーワーキンググループのページです。

CSA-JC モバイルユーザーワーキンググループは、CSAグローバルのMobile Working Groupの活動に準じて、クラウド中心の視点から、エンドユーザー向けにセキュアなモバイルデバイスコンピューティングを支援するための基本的な調査研究を提供し、モバイル環境のクラウドセキュリティに関する啓発活動を推進することを目的とします。

活動要旨

CSA-JC モバイルユーザーワーキンググループの設置企画書は、こちらを参照してください

公開情報

活動内容

[2019年12月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年12月は特に活動なし
  • 1.  CSA Mobile Working Group
    2-1. IoT Working WG Meeting(終了)
    日時:2019年12月13日(金) 03:00am – 04:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:

    • CSA Announcements

      IoT in the News

      CSA UL Collab – Update

      • White paper about survey results, discussion, and call to action
      • Webinar in Jan with Brian and UL’s Gonda about the survey
        • Slides will be posted after the webinar is done so anyone from the working group interested in presenting can do so
      • NEED VOLUNTEERS
        • Help finalize whitepaper
        • Supporting the proof of concept

      CSA IoT Controls Matrix v2

      • Brian and Michael will work on developing a plan for steps to complete this version
      • Feedback: Content is great, but it’s not as approachable to use within their environment
        • App (i.e. turbo tax style – series of questions leads to controls)
        • Inquire with graphics professional (Umesh)
        • Discussion further on next call
      • Upcoming global privacy regulations and laws that apply to IoT on Jan 9th (Raj)

      IDAM for IoT v2

      • Next Steps: Select protocols .
      • Are there others to include?

      Other

    • Revive webinar series and start with Mark (end of CIA triad and what it is now)
    • Hillary reach out after beginning of the year
    • Event: NIST’s Identity Management & Access Control in Multi-clouds Workshop and Conference, Jan 22-24, 2020.  Join a day early for hands-on sessions and lightning talks.

[2019年11月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年11月は特に活動なし
  • 2.  CSA IoT Working Group
    2-1. IoT Working WG Meeting(終了)
    日時:2019年11月1日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    [UL Collab]
    -Pfizer/Cheryl working with UL to figure out what the POC will look like. Make some adjustments
    [V2 IoT Security Controls – Update]
    -Looking at vendor architecture and comparing that to the shared responsibility model (application and device plane) – Mark, Umesh, and Michael
    -Discussed the adjustments to shared responsibilities model for IoT
    [NIST IR Comments]
    -Comment period ends tomorrow
    -Add any comments here and CSA will submit them together
    [Other]
    -Aaron/OWASP will be releasing a document on IoT Firmware Security Testing Methodology tomorrow – Nov 1st
    -Aaron/OWASP will also be releasing a sandbox to find, test, and fix IoT vulnerabilities – will announce when it is released.

[2019年10月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年10月は特に活動なし
  • 2. CSA IoT Working Group
         2019年10月は特に活動なし

[2019年9月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年9月は特に活動なし
  • 2. CSA IoT Working Group
    2-1. IoT Working WG Meeting(終了)
    日時:2019年9月6日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    [Action Items]
    -Continue work on the IoT Matrix. Contact leadership to sign-up for a set of controls
    [Discussions]
    -IoT Matrix: Discussion of what’s been worked on and the references that are being pulled from.
    -Defining an IoT Shared Responsibility Model for Version 2 of the IoT Controls Matrix
    [Other]
    -If anyone is interested in presenting on the IoT Framework at an upcoming conference, please reach out to the leadership team. We can provide a slide deck, abstract, and additional support for your effort.

[2019年8月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年8月は特に活動なし
  • 2. CSA IoT Working Group
    2-1. IoT Working WG Meeting(終了)
    日時:2019年8月23日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    [CSA Announcements]
    -New website! – cloudsecurityalliance.org/
    -Current open peer reviews – https://cloudsecurityalliance.org/research/contribute/
    -Recent releases – cloudsecurityalliance.org/research/artifacts/
    -Upcoming events – https://csacongress.org/
    [Update on CSA/UL – volunteers needed for each of the below Tasks]
    -List of Controls- Compile comprehensive list of manufacturer-scope security, privacy and safety controls
    -Graphic – High level graphic to depict the relationship between manufacturer-scoped controls and IoT controls matrix
    -Mapping – Map IoT Framework with manufacturer controls
    Proof of concept – employ as proof of concept in their organization
    [Review Azure’s IoT Security Services – complied by Umesh]
    [IoT Control Matrix Updates: (touching base with Michael Roza – discussion revolving issues/control methodologies)]
    -Secure Connections
    -Vulnerability Management
    -Volunteers go to domain assignments tab and add your name to your domain they’d like to cover
    [Action Items]
    -Brian – Intro meeting with UL/Cheryl for proof of concept portion
    -Michael – Post list of manufacturer scope controls when ready
    -Brian/Umesh – post Umesh’s document with azure iot security services

[2019年7月]

  • グローバル活動
  • 1.  CSA Mobile Working Group
         2019年7月は特に活動なし
  • 2. CSA IoT Working Group
    2-1. IoT Working WG Meeting(終了)
    日時:2019年7月26日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    [Welcome new co-chair: Aaron Guzman]
    -Aaron has been a member of the IoT Working Group since its inception and we’re excited to have him join the IoT Leadership Team.
    [IoT Security Controls Framework]
    -Adding indicators of compromise (IOC) section
    -Need volunteers for reviewing sections of controls
    [Collaboration with UL]
    -Hillary to send leadership team information about the CFP for the upcoming U.S. Chapter Summits.
    [Other]
    -Eric presented on the IoT Controls Framework recently at a conference in VA

[2019年6月]

  • グローバル活動
    2019年6月は特に活動なし

[2019年5月]

  • 国内活動
    2019年5月は特に活動なし
  • グローバル活動
  • 2-1.  CSA Mobile Working Group
    2018年3月14日をもって、グローバルのWG活動を正式に休止
  • 2-2.   CSA Mobile Application Security Testing(MAST) Working Group
     2019年5月の活動は特になし
  • 2-3.   CSA IoT Working Group
  • 2-3-1. IoT Working WG Meeting(終了)
    日時:2019年5月17日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    Action Items:
    Gathering volunteers for the Identity Management/ Identity Access Management for IoT Devices v2 document.
    Reviewing of the Version 2 of the CSA IoT Controls Matrix.  Comments only for now.Meeting Minutes:
    1.CSA Announcements
    -Upcoming Events
    -Share IoT Survey
    -Open peer review
    Reviewed and discussed initial UL/CSA Survey Results
    2.Call for participation: Identity and Access Management for the IoT
    Taking a lead on certain sections within the paper.
    3.Next Steps: Version 2 of the CSA IoT Controls Matrix –
    -Beginning to review and update current version for second release
    -Participants wanted to work on sections of the document, more formal announcements regarding the strategy/work will be coming soon.
    -Currently looking for comments only

[2019年4月]

  • 国内活動
    2019年3月は特に活動なし
  • グローバル活動
  • 2-1.  CSA Mobile Working Group
    2018年3月14日をもって、グローバルのWG活動を正式に休止
  • 2-2.   CSA Mobile Application Security Testing(MAST) Working Group
     2019年4月の活動は特になし
  • 2-3.   CSA IoT Working Group
  • 2-3-1. IoT Working WG(終了)
    日時:2019年5月3日(金) 02:00am – 03:00am
    場所:オンライン(WebEX)
    コーディネーター:Hillary Baron (CSA)
    概要:
    AGENDA: Guest Speaker
    The Sweetness of Low Hanging Fruit: GDPR, Brute-Forcing, & Default and Weak Credentials.
    Cyber is putting billions of dollars into research and defense but we’ve failed to detect and fix the basics. Learn new methods of brute-force detection scanning that overcomes the traditional limitations.

[2019年3月]

  • 国内活動
    2019年3月は特に活動なし
  • グローバル活動
  • 2-1.  CSA Mobile Working Group
    2018年3月14日をもって、グローバルのWG活動を正式に休止
  • 2-2.   CSA Mobile Application Security Testing(MAST) Working Group
     2019年3月の活動は特になし
  • 2-3.   CSA IoT Working Group
  • 2-3-2. IoT Working WG/Blockchain WG Presentation(終了)
    日時:2019年3月27日(金) 01:00am – 02:00am
    場所:オンライン(WebEX)
    コーディネーター:John Yeoh (CSA)
    概要:
    ” OpenCPE: Giving back control of your certifications, continuing education and identity” ; presented by our very own Mr.Kurt.Seifried , who serves as Director of IT  at the CSA, Edmonton, Canada.Kurt will present the CSA’s OpenCPE (Open Continuing Professional Education) Service, a blockchain based solution using new and innovative techniques to allow for the secure and controlled sharing of PII (Personally Identifiable Information) data, by the data owners. OpenCPE runs on top of an Open Cybersecurity Ledger (a public blockchain) which allows for the secure sharing and validation of identity, certification, continuing education credits, and project participation claims without having to store any PII within a public blockchain.We will cover how the CSA Labs has implemented Open Cybersecurity Ledgers to manage PII and other forms of sensitive data in ways that are secure, private, GDPR compliant and quantum crypto safe. Learn how Zero Knowledge Proofs and Merkle trees can be used to prove claims about identities, such as possessing a valid certification, without having to store or control the data itself.

[2019年2月]

  1. 国内活動
  • Japan Azure User Group 「第17回 Tokyo Jazug Night」(終了)

日時:2019年2月27日(木)午後7時~9時

会場:日本マイクロソフト株式会社

 

  1. グローバル活動

2-1.  CSA Mobile Working Group

2018年3月14日をもって、グローバルのWG活動を正式に休止

2-2.   CSA Mobile Application Security Testing(MAST) Working Group

2019年2月の活動は特になし

2-3.   CSA IoT Working Group

2-3-2. IoT Working Group Call

日時:2019年2月22日(金) 03:00am – 04:00am

場所:オンライン(WebEX)

コーディネーター:John Yeoh (CSA)

概要:

“An Examination of the Evolution of IoT Attacks”

Speaker: Alon Levin, VP Product Management, VDOO.

Alon is the VP Product Management at VDOO. Prior to his current role, Alon led product management and technical field operations at Cyvera, until it was acquired by Palo Alto Networks. After the acquisition, he recruited and technically led the sales engineer specialists team in Palo Alto Networks’ endpoint business.

The year 2018 saw increased IoT adoption and a leap in regulation. IoT products were faced with multiple IoT attack variants: Wicked, OMG Mirai, ADB.Miner, DoubleDoor, Hide ‘N Seek and even a Mirai-Variant IoT Botnet used to target the Financial Sector. The major attack in 2018 was VPNFilter, infecting over a half a million devices from a wide range of known vendors. In 2016 the same size attack, by the infamous Mirai, was major news and caused havoc on the Internet. Today, while such an attack is relatively big, it is not uncommon or unexpected.

Alon will examine why the 2018 attacks are more advanced that what we’ve seen in the past. He will explore today’s new emerging attack types and their impacts on the future of IoT. Finally, Alon will talk about different types of security solutions that could have easily mitigated most of the attacks in 2018 and will make it difficult for attackers to successfully target embedded devices in the future.

[2019年1月]

1. 国内活動

1-1. Facebook Developer Circle Tokyo Launch Event(終了)
日時:2019年1月27日(日)午後2時30分~6時
会場:住友不動産大崎ガーデンタワー
* Facebook Developer Circle Osakaとクラウドセキュリティにおける連携を進める予定
1-2. Alibaba Cloud InternetChap Japan Kick-off Meeting(終了)
日時:2019年1月29日(火)午後2時~5時
会場:ミッドタウン日比谷
テーマ:Alibaba Cloudのセキュリティについて
*STAR認証取得企業で、CCMに準拠した管理策を講じている
*CSA Chinaと連携しながら、日本国内での開発者コミュニティとの連携を進める予定
1-3. Japan Azure User Group 「第16回 Tokyo Jazug Night」(終了)
日時:2019年1月30日(木)午後7時~9時
会場:日本マイクロソフト株式会社
1-4. Japan Azure User Group 「第17回 Tokyo Jazug Night」(予定)
日時:2019年2月27日(木)午後7時~9時
会場:日本マイクロソフト株式会社

2. グローバル活動

2-1. CSA Mobile Working Group
2018年3月14日をもって、グローバルのWG活動を正式に休止

2-2. CSA Mobile Application Security Testing(MAST) Working Group
2019年1月の活動は特になし

2-3. CSA IoT Working Group
2-3-1. OWASPとの連携活動
OWASP SAMM V2.0 BETAリリース
2-3-2. IoT Working Group Call
日時:2019年1月25日(金) 03:00am – 04:00am
場所:オンライン(WebEX)
コーディネーター:Hillary Baron (CSA)
概要:
• Kicked off the call with Introductions for new and returning volunteers.
• Discussed latest IoT Security Items of Interest.
• Discussed creation of CSA IoTWG roadmap for 2019 – 2020
• Key areas of interest:
• Lee Szilagyi mentioned zero-trust and Michael Roza briefed the group on various SDP efforts:
• Brian Russell mentioned autonomy as a focus area
• Reviewed Joint Survey between CSA IoTWG and Underwriters Lab (UL)
• Finalizing CSA IoT Controls Matrix
• Discussed RSA 2019
o Brian to be onsite for CSA IoTWG In-person meeting on Tuesday March 5, 2019
o Will host WG members to review and update 2019-2020 roadmap

[2018年12月]

1. 国内活動

1-1. Japan Azure User Group 「第15回 Tokyo Jazug Night」(終了)
日時:2018年12月6日(木)午後7時~9時
会場:日本マイクロソフト株式会社

2. グローバル活動

2-1. CSA Mobile Working Group
2018年3月14日をもって、グローバルのWG活動を正式に休止

2-2. CSA Mobile Application Security Testing(MAST) Working Group
2018年12月の活動は特になし

2-3. CSA IoT Working Group
2-3-1. OWASPとの連携活動
OWASP IoT Top 10 for 2018アップデート版リリース
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project

2018年11月

1. 国内活動

1-1. Japan Azure User Group 「Azure DevOps Tokyo」(終了)
日時:2018年11月24日(土)午後1時~6時
会場:日本マイクロソフト株式会社
LT:「DevOpsとクラウド環境のアプリケーションセキュリティ」

1-2. Japan Azure User Group 「第15回 Tokyo Jazug Night」(予定)
日時:2018年12月6日(木)午後7時~9時
会場:日本マイクロソフト株式会社
https://jazug.connpass.com/event/109350/

2. グローバル活動

2-1. CSA Mobile Working Group
2018年3月14日をもって、グローバルのWG活動を正式に休止

2-2. CSA Mobile Application Security Testing(MAST) Working Group
2018年11月の活動は特になし

2-3. CSA IoT Working Group