{"id":61573,"date":"2023-12-08T20:25:38","date_gmt":"2023-12-08T11:25:38","guid":{"rendered":"https:\/\/monolith.law\/cs\/?p=61573"},"modified":"2024-03-29T17:31:34","modified_gmt":"2024-03-29T08:31:34","slug":"keio-univ-information-leak","status":"publish","type":"post","link":"https:\/\/monolith.law\/cs\/general-corporate\/keio-univ-information-leak","title":{"rendered":"What we can learn about crisis management and the role of the lawyer from the information leak at Keio University"},"content":{"rendered":"\n<p>Information leaks caused by unauthorized access occur not only in companies but also in education, yet the response to them seems to differ somewhat between the two settings.<\/p>\n\n\n\n<p>Particularly with personal data, which mainly concerns students and teaching staff, disclosure after a leak incident seems to be limited to a certain scope.<\/p>\n\n\n\n<p>However, protecting personal data is equally important for companies and for schools, and the basic principles of crisis management for an information leak are the same.<\/p>\n\n\n\n<p>This article therefore looks at crisis management for personal data leaks caused by unauthorized access, based on the response to the information leak at Keio University Shonan Fujisawa Campus (hereafter &#8220;Keio SFC&#8221;).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Prehled_udalosti_uniku_informaci_na_Keio_SFC\"><\/span>Overview of the information leak at Keio SFC<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The main points of the information leak caused by unauthorized access at Keio SFC are as follows:<\/p>\n\n\n\n<ul>\n<li>Discovery of the leak: In the early hours of September 29, 2020, a possible information leak caused by unauthorized access to the class support system (SFC-SFS) was identified.<br>\u203b SFC-SFS is a system with functions such as bulk e-mail to students, downloading student rosters, registering assignments and announcements, accepting submissions, registering results (comments), and entering and viewing comments on classes.<\/li>\n\n\n\n<li>Cause of the leak: The IDs and passwords of 19 users of the system were stolen and misused by third parties for unauthorized access to the system. The main cause appears to be a vulnerability in SFC-SFS.<\/li>\n\n\n\n<li>Scope of the leak: Personal information of students and staff managed by Shonan Fujisawa Campus.<\/li>\n\n\n\n<li>Content of the leak: In addition to &#8220;name&#8221;, &#8220;address&#8221;, &#8220;user name&#8221; and &#8220;e-mail address&#8221;, it includes, for students, &#8220;face photograph&#8221;, &#8220;student number&#8221;, &#8220;credit acquisition information&#8221;, &#8220;enrollment date&#8221;, etc., and for staff, &#8220;employee number&#8221;, &#8220;position&#8221;, &#8220;profile&#8221;, &#8220;personal e-mail data&#8221;, etc.<\/li>\n\n\n\n<li>Number of records: The possible information leak concerns approximately 33,000 records.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/keio-univ-information-leak-3.jpg\" alt=\"\" class=\"wp-image-36576\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Odhaleni_neopravneneho_pristupu_a_prvotni_reakce\"><\/span>Detection of unauthorized access and initial response<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>On September 15 at around 17:45, the Keio SFC IT department detected traces of sporadic probing for vulnerabilities in the SFC-SFS system.<\/p>\n\n\n\n<p>Subsequently, on the night of September 28, suspicious access to the SFC-SFS system was detected, and after investigation the possibility of an information leak due to unauthorized access came to light in the early hours of September 29.<\/p>\n\n\n\n<p>Keio SFC began the following initial responses the day after it detected the vulnerability probing, which is a precursor of unauthorized access:<\/p>\n\n\n\n<ul>\n<li>Request for all users to change their passwords (September 16, September 30)<\/li>\n\n\n\n<li>Continuous monitoring of all authentication points and authentication logs (from September 16)<\/li>\n\n\n\n<li>Restriction of logins to the shared computing server from outside to public-key authentication only (September 16)<\/li>\n\n\n\n<li>Shutdown of web services in which a vulnerability was found, and repair of the vulnerable points [in progress] (progressively from September 16; SFC-SFS on September 29)<\/li>\n\n\n\n<li>Shutdown of the SFC-SFS system (September 29)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"O_prvotni_reakci_Keio_SFC\"><\/span>On Keio SFC's initial response<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When unauthorized access is discovered, the basics are to set up a crisis headquarters and carry out the initial response; in this case it appears that the IT department, led by Mr. Kuniya, standing director of Keio and chief information and security officer, acted as the crisis headquarters.<\/p>\n\n\n\n<p>Important initial responses include &#8220;isolating information&#8221;, &#8220;disconnecting the network&#8221; and &#8220;stopping the service&#8221; in order to prevent the damage from spreading and secondary damage from arising. In the case of Keio SFC, however, the users of the system are limited to students and staff, so changing passwords and restricting the login method become the priority.<\/p>\n\n\n\n<p>Nevertheless, the fact that Keio SFC acted immediately after detecting the precursor of unauthorized access, and that it shut down the SFC-SFS system on September 29, when the possibility of an information leak came to light, can be regarded as adequate crisis management.<\/p>\n\n\n\n<p>As for Keio SFC's initial response, the question remains whether, after taking steps to preserve evidence of the unauthorized access, which is a criminal offence, it reported to the supervisory authorities or the police. This cannot be verified, however, because neither the press releases nor the media reports mention it.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/dad0f120d841b7eb2043aae31cc35910.jpg\" alt=\"\" class=\"wp-image-35868\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"O_oznameni_zainteresovanym_stranam\"><\/span>On notification of the parties concerned<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Keio SFC students and staff were notified by business-communication e-mail, as described below, and the first e-mail concerning the leak of personal data was probably sent on September 30.<\/p>\n\n\n\n<p>On September 29, Keio SFC staff were informed that a &#8220;serious problem&#8221; had occurred and that the SFC-SFS system would be shut down.<\/p>\n\n\n\n<p>On September 30, all SFC-SFS users were asked to change their passwords because &#8220;user account information&#8221; might have leaked as a result of this problem.<\/p>\n\n\n\n<p>Staff were also informed that, because SFC-SFS had been shut down, student selection and communication with students could not be carried out as planned, and that classes would have to be suspended for a certain period.<br>\n<br>\nThe news service J-CAST News picked up this information and on the same day published an article titled &#8220;Serious problem with the class system at Keio SFC, start of the autumn semester delayed by a week&#8221;, through which it became publicly known that &#8220;user account information&#8221; had leaked.<\/p>\n\n\n\n<p>On October 1, the Keio SFC website informed students that the SFC-SFS system had been shut down on September 29 because of possible unauthorized access and that, as a result, lectures from October 1 to 7 would be cancelled. (Note: the leak of personal data was not mentioned.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Tiskova_zprava_po_odhaleni_uniku_informaci\"><\/span>Press release after the discovery of the information leak<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The first public announcement of the personal data leak caused by unauthorized access was made on the website on November 10.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>It was found that, in the Shonan Fujisawa Campus information network system (SFC-CNS) and the class support system (SFC-SFS), the IDs and passwords of 19 users (faculty and staff) were stolen by some means, and that unauthorized access from outside and an attack exploiting a vulnerability in the class support system (SFC-SFS) were carried out, which may have led to the leak of users' personal data from that system. We apologize to all concerned for the inconvenience and worry caused. As of today, no secondary damage has been confirmed.<\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.sfc.keio.ac.jp\/news\/015056.html\" target=\"_blank\" rel=\"noreferrer noopener\">Keio University &#8220;On the leak of personal data caused by unauthorized access to SFC-CNS and SFC-SFS&#8221;[ja]<\/a><\/p>\n\n\n\n<p>This press release also contained detailed information on the following topics:<\/p>\n\n\n\n<ul>\n<li>The content of the personal data that may have leaked<\/li>\n\n\n\n<li>The circumstances in which the leak was discovered<\/li>\n\n\n\n<li>The cause of the leak<\/li>\n\n\n\n<li>The response after discovery<\/li>\n\n\n\n<li>The current situation<\/li>\n\n\n\n<li>Measures to prevent recurrence<\/li>\n<\/ul>\n\n\n\n<p>The points above cover almost completely the items required in a public announcement of an information leak.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"O_tiskove_zprave_Keio_SFC\"><\/span>On Keio SFC's press release<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Casovani_tiskove_zpravy\"><\/span>Timing of the press release<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Keio SFC should really have been the first to announce the information leak, and the fact that it was announced 41 days after the J-CAST News report can only be called a delay.<\/p>\n\n\n\n<p>This is because, when personal data leaks, the affected persons must be informed quickly that their data has leaked so that secondary damage can be prevented.<\/p>\n\n\n\n<p>However, if the specific details of the &#8220;user account information&#8221; were communicated with the password-change request on September 30, there would be no problem.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Upozorneni_na_podvody_a_obtezovani\"><\/span>Warning about fraud and harassment<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A press release issued after an information leak is discovered must announce the leak, inform and apologize to the affected persons if their personal data has leaked, and warn them to guard against fraud and harassment.<\/p>\n\n\n\n<p>If information from a closed campus reaches the outside world, it can be misused, so in this case too it is necessary to warn about fraud and harassment.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/93d4de660cab62321b1d83fe184426b6.jpg\" alt=\"\" class=\"wp-image-35872\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ridici_tym_jako_stredobod_krizoveho_rizeni\"><\/span>The control team as the center of crisis management<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Keio SFC describes its control team under &#8220;measures to prevent recurrence&#8221; in its press release as follows:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>In response to this case of unauthorized access, Keio University will promptly work on measures to prevent recurrence, such as checking and improving the security of web applications and systems across the university and revising how personal data is handled. In addition, as of November 1, 2020, we have established a CSIRT (information security incident response team) within the university and will strive to strengthen security across the university, while building an organization that can respond comprehensively to cybersecurity and cooperate with external specialist institutions.<\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.sfc.keio.ac.jp\/doc\/df8e80e0da5060b204d0ae01f6e9695989fd9059.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Keio University &#8220;On the leak of personal data due to unauthorized access to SFC-CNS and SFC-SFS&#8221;[ja]<\/a><\/p>\n\n\n\n<p>It appears that an internal organization of Keio SFC took on the role of the control team in the initial response to this case, but the &#8220;CSIRT&#8221; established on November 1, 2020 is the organization that corresponds to a control team, which will be the center of crisis management for strengthening security and for future incidents.<\/p>\n\n\n\n<p>The composition of the CSIRT is not known, but in addition to measures to secure the system, communication with the affected users, reporting to the supervisory authorities and the police, communication with the media, assessment of legal liability and so on must be carried out in parallel. In general, therefore, the participation of the following external third parties and experts is needed:<\/p>\n\n\n\n<ul>\n<li>Large software companies<\/li>\n\n\n\n<li>Large specialized security firms<\/li>\n\n\n\n<li>External lawyers with deep knowledge of cybersecurity<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Even in a case like this one, where personal data leaked in the education sector, what matters is an appropriate &#8220;initial response&#8221; and &#8220;notification, reporting and disclosure&#8221; centered on the crisis headquarters, as well as the subsequent &#8220;security measures&#8221;.<\/p>\n\n\n\n<p>Speed in particular is required not only in the initial response but also in notifying and reporting to the police and the relevant ministries, notifying (apologizing to) the affected person, and disclosing at an appropriate moment.<\/p>\n\n\n\n<p>However, if the procedure or the way the matter is handled goes wrong, liability for damages may arise, so we recommend consulting a lawyer with extensive knowledge and experience in cybersecurity rather than deciding on your own.<\/p>\n\n\n\n<p>If you are interested in crisis management for the information leak caused by malware at Capcom, see our article, where it is described in detail.<\/p>\n\n\n\n<p><a href=\"https:\/\/monolith.law\/corporate\/capcom-information-leakage-crisis-management\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/monolith.law\/corporate\/capcom-information-leakage-crisis-management[ja]<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Predstaveni_opatreni_nasi_kancelare\"><\/span>Introduction to our firm's services<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a law firm with deep expertise in IT, in particular the internet and law. Our firm carries out legal reviews for a range of cases, from companies listed on the Tokyo Stock Exchange Prime to startups. Please see the article below.<\/p>\n\n\n\n<p><a href=\"https:\/\/monolith.law\/contractcreation\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/monolith.law\/contractcreation[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information leaks caused by unauthorized access occur not only in companies but also in education, yet the response to them seems to differ somewhat between the two settings. Especially in the [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":63954,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/61573"}],"collection":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/comments?post=61573"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/61573\/revisions"}],"predecessor-version":[{"id":63955,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/61573\/revisions\/63955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media\/63954"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media?parent=61573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/categories?post=61573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/tags?post=61573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}