{"id":61733,"date":"2023-12-04T11:22:59","date_gmt":"2023-12-04T02:22:59","guid":{"rendered":"https:\/\/monolith.law\/tr\/?p=61733"},"modified":"2024-01-15T15:40:16","modified_gmt":"2024-01-15T06:40:16","slug":"keio-univ-information-leak","status":"publish","type":"post","link":"https:\/\/monolith.law\/tr\/general-corporate\/keio-univ-information-leak","title":{"rendered":"Crisis Management Lessons from the Keio University Information Leak and the Role of the Lawyer"},"content":{"rendered":"\n<p>Information leaks caused by unauthorized access are not limited to companies; they also occur in education, although the way they are handled appears to differ somewhat from the corporate case.<\/p>\n\n\n\n<p>Where personal information is concerned, the people affected are mainly students and faculty, so when a leak occurs, information about it is usually shared only within a limited circle.<\/p>\n\n\n\n<p>However, when it comes to protecting personal information, the approach is the same for companies and schools alike, and the fundamentals of crisis management for information leaks do not change.<\/p>\n\n\n\n<p>In this article, we therefore explain the key points of a crisis management system for incidents in which personal information is leaked through unauthorized access, based on how Keio University&#8217;s Shonan Fujisawa Campus (hereinafter &#8220;Keio SFC&#8221;) responded to its information leak.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Keio_SFC%E2%80%99nin_Bilgi_Sizinti_Olayinin_Ozeti\"><\/span>Summary of the Keio SFC Information Leak Incident<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The main points of the information leak caused by unauthorized access at Keio SFC are as follows:<\/p>\n\n\n\n<ul>\n<li>Discovery of the Leak: On September 29, 2020 (Reiwa 2 in the Japanese calendar), it was determined that information may have leaked as a result of unauthorized access to the class support system (SFC-SFS)\u203b. <br>\u203bSFC-SFS is a system with functions such as sending e-mail to all students, downloading student lists, registering and receiving reports and assignments, registering grades (comments), and entering and viewing course survey comments.<\/li>\n\n\n\n<li>Cause of the Leak: The IDs and passwords of 19 system users were stolen, and a third party used them without authorization to log in to the system. 
A vulnerability in SFC-SFS is considered to be the main cause.<\/li>\n\n\n\n<li>Scope of the Leak: Personal information of students, faculty and others managed by the Shonan Fujisawa Campus<\/li>\n\n\n\n<li>Content of the Leak: In addition to &#8220;Name&#8221;, &#8220;Address&#8221;, &#8220;Account Name&#8221; and &#8220;E-mail Address&#8221;, the data includes, for students, &#8220;Face Photo&#8221;, &#8220;Student Number&#8221;, &#8220;Credit Information&#8221;, &#8220;Enrollment Date&#8221;, etc., and, for faculty, &#8220;Faculty Number&#8221;, &#8220;Position&#8221;, &#8220;Profile&#8221;, &#8220;Personal E-mail Data&#8221;, etc.<\/li>\n\n\n\n<li>Number of Leaks: Approximately 33,000 cases of possible information leakage.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/keio-univ-information-leak-3.jpg\" alt=\"\" class=\"wp-image-36576\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Yasadisi_Erisimin_Ortaya_Cikisi_ve_Ilk_Tepki\"><\/span>Discovery of the Unauthorized Access and Initial Response<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Around 17:45 on September 15, the IT department of Keio SFC detected that vulnerability scans were being carried out intermittently against SFC-SFS.<\/p>\n\n\n\n<p>Then, on the night of September 28, suspicious access to the SFC-SFS system was detected, and an investigation revealed in the early hours of September 29 that information may have leaked through unauthorized access.<\/p>\n\n\n\n<p>From the day after it detected the vulnerability scans, Keio SFC began the following initial response measures:<\/p>\n\n\n\n<ul>\n<li>Asking all users to change their passwords (September 16, September 30)<\/li>\n\n\n\n<li>Continuously monitoring all authentication points and authentication logs (continuously from September 16)<\/li>\n\n\n\n<li>Restricting external logins to the shared computing server to public-key authentication only (September 16)<\/li>\n\n\n\n<li>Stopping web services in which vulnerabilities were found and fixing the vulnerable parts \u3010Ongoing\u3011 (progressively from September 16; SFC-SFS on September 29)<\/li>\n\n\n\n<li>Stopping the SFC-SFS system (September 29)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Keio_SFC%E2%80%99nin_Ilk_Tepkisi_Hakkinda\"><\/span>About Keio SFC&#8217;s Initial Response<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When unauthorized access is detected, a crisis management center is usually set up and the initial response is carried out by that center. 
In this case, however, it appears that the IT department, led by Kunio Kunio, a standing director of Keio University who is also its chief information officer and chief information security officer, acted as the crisis management center.<\/p>\n\n\n\n<p>The key point of an initial response is to prevent the damage from spreading and secondary damage from occurring, through measures such as &#8220;isolating information&#8221;, &#8220;cutting off the network&#8221; and &#8220;suspending services&#8221;. In the case of Keio SFC, however, the users of the system are limited to students and faculty rather than the general public, so measures such as password changes and restrictions on login methods take priority.<\/p>\n\n\n\n<p>That said, Keio SFC acted immediately after detecting signs of unauthorized access, and it stopped the SFC-SFS system when the possibility of an information leak became clear on September 29. This can be regarded as an appropriate crisis management response.<\/p>\n\n\n\n<p>One open question about Keio SFC&#8217;s initial response is whether it took steps to preserve evidence of the unauthorized-access offense and whether it notified the supervisory authorities or the police. 
However, since neither the press releases nor the media reports mention this, no information on the point could be found.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/dad0f120d841b7eb2043aae31cc35910.jpg\" alt=\"\" class=\"wp-image-35868\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ilgili_Kisilere_Bildirim_Hakkinda\"><\/span>About Notification of the Persons Concerned<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Keio SFC notified students and faculty through administrative e-mails as described below, and the leak of personal information was first mentioned in the e-mail of September 30.<\/p>\n\n\n\n<p>On September 29, Keio SFC informed its staff that SFC-SFS would be shut down because of a &#8220;serious problem&#8221;.<\/p>\n\n\n\n<p>On September 30, in view of the possibility that &#8220;user account information&#8221; had leaked because of this problem, it asked all SFC-SFS users to change their passwords.<\/p>\n\n\n\n<p>It also informed its staff that, because the shutdown of SFC-SFS meant that course registration and notices to students could not proceed as planned, classes would be cancelled for a certain period.<br>\n<br>\nHaving learned of this, J-CAST News published an article the same day titled &#8220;Serious problem in Keio SFC&#8217;s class system; start of autumn term delayed by one week&#8221;, and the leak of &#8220;user account information&#8221; became public.<\/p>\n\n\n\n<p>On October 1, Keio SFC announced to students on its website that it had stopped SFC-SFS on September 29 because of possible unauthorized access and that, as a result, classes would be cancelled from October 1 to October 7. (\u203b No statement about the leak of personal information)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Bilgi_Sizintisinin_Ardindan_Yapilan_Basin_Aciklamasi\"><\/span>The Press Release Issued After the Information Leak<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First, on November 10, a statement was published on the website that personal information had been leaked as a result of unauthorized access.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>It has come to light that the IDs and passwords of 19 users (faculty) of the Shonan Fujisawa Campus Information Network System (SFC-CNS) and the Class Support System (SFC-SFS) were stolen by some means, and that, as a result of unauthorized access from outside using this information and an attack targeting vulnerabilities in the Class Support System (SFC-SFS), users&#8217; personal information may have been leaked from these systems. We apologize for this incident and for the inconvenience and concern it has caused to everyone involved. 
At present, there is no evidence of any secondary damage.<\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.sfc.keio.ac.jp\/news\/015056.html\" target=\"_blank\" rel=\"noreferrer noopener\">Keio University &#8220;Regarding the Leak of Personal Information Due to Unauthorized Access to SFC-CNS and SFC-SFS&#8221; [ja]<\/a><\/p>\n\n\n\n<p>The press release also gave detailed information on the following points:<\/p>\n\n\n\n<ul>\n<li>Content of the personal information that may have been leaked<\/li>\n\n\n\n<li>How the leak came to light<\/li>\n\n\n\n<li>The cause of the leak<\/li>\n\n\n\n<li>Actions taken after the leak was discovered<\/li>\n\n\n\n<li>Current status<\/li>\n\n\n\n<li>Measures to prevent recurrence<\/li>\n<\/ul>\n\n\n\n<p>These items cover almost everything that should be disclosed to the public about an information leak.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Keio_SFC%E2%80%99nin_Basin_Aciklamasi_Hakkinda\"><\/span>About Keio SFC&#8217;s Press Release<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Basin_Aciklamasinin_Zamanlamasi\"><\/span>Timing of the Press Release<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>In a situation where Keio SFC itself should have been the first to make an announcement, issuing its statement 41 days after the J-CAST News report can be regarded as late.<\/p>\n\n\n\n<p>This is because, when personal information is leaked, notifying the individuals whose information was leaked is urgent in order to prevent secondary damage.<\/p>\n\n\n\n<p>However, if the password change request of September 30 stated the specific content of the &#8220;user account information&#8221;, there is no problem.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Dolandiricilik_ve_Rahatsiz_Edici_Davranislara_Karsi_Uyari\"><\/span>Warning Against Fraud and Harassment<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A press release issued after an information leak comes to light needs to announce the leak to the public and, where personal information has been leaked, to inform the individuals concerned and apologize to them, and to warn them so that they can avoid harm such as fraud and harassment.<\/p>\n\n\n\n<p>Even information held within a closed campus can be misused if it leaks to the outside world, so a warning against fraud and harassment is necessary in that case as well.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2021\/08\/93d4de660cab62321b1d83fe184426b6.jpg\" alt=\"\" class=\"wp-image-35872\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kriz_Yonetiminin_Merkezi_Tedbirler_Merkezi\"><\/span>The Core of Crisis Management: The Response Headquarters<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In the &#8220;recurrence prevention&#8221; section of its press release, Keio SFC describes its response headquarters as follows:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p>In light of this unauthorized access incident, Keio University will promptly proceed with measures to prevent recurrence, such as university-wide security checks and improvements of web applications and systems and a review of practices for protecting personal information. In addition, on November 1, 2020 we established a CSIRT (Information Security Incident Response Team) within the university, and we aim to build an organization capable of a comprehensive cyber security response and, in cooperation with external specialist organizations, to further strengthen security across the whole university.<\/p>\n<\/blockquote>\n\n\n\n<p><a href=\"https:\/\/www.sfc.keio.ac.jp\/doc\/df8e80e0da5060b204d0ae01f6e9695989fd9059.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Keio University &#8220;Regarding the Leak of Personal Information Due to Unauthorized Access to SFC-CNS and SFC-SFS&#8221; [ja]<\/a><\/p>\n\n\n\n<p>In the initial response to this incident, it appears that Keio SFC&#8217;s internal organization directly took on the role of the response headquarters; the &#8220;CSIRT&#8221; established on November 1, 2020, however, is an organization regarded as the response headquarters that will strengthen security and serve as the center of crisis management when an incident occurs in the future.<\/p>\n\n\n\n<p>Although the membership of the CSIRT is unclear, system security measures have to be carried out in parallel with tasks such as communicating with the affected users, notifying the supervisory authorities and the police, responding to the media, and assessing legal liability, so the participation of external third-party organizations and experts such as the following is generally required:<\/p>\n\n\n\n<ul>\n<li>Major software companies<\/li>\n\n\n\n<li>Major specialist security vendors<\/li>\n\n\n\n<li>External lawyers with in-depth knowledge of cyber security<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ozet\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>As in this case, even when personal information is leaked in an educational setting, an appropriate &#8220;initial response&#8221;, &#8220;notification, reporting and disclosure&#8221; led by the response headquarters, and subsequent &#8220;security measures&#8221; are important.<\/p>\n\n\n\n<p>Speed is required not only in the initial response but also in notifying and reporting to the police and the relevant ministries, notifying (and apologizing to) the individuals concerned, and making a timely public disclosure.<\/p>\n\n\n\n<p>However, if you get the procedures or the response wrong, you may face problems such as liability for damages, so rather than deciding on your own, we recommend consulting in advance a lawyer with knowledge and experience in cyber security.<\/p>\n\n\n\n<p>If you are interested in crisis management during the information leak at Capcom caused by malware, we explain the details in the article below; please take a look.<\/p>\n\n\n\n<p><a href=\"https:\/\/monolith.law\/corporate\/capcom-information-leakage-crisis-management\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/monolith.law\/corporate\/capcom-information-leakage-crisis-management [ja]<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Buromuz_Tarafindan_Alinan_Onlemler\"><\/span>Measures Offered by Our Firm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a law firm with a high level of expertise in both IT and law. Our firm carries out legal checks for a wide range of cases, from companies listed on the Tokyo Stock Exchange Prime market to startups. Please refer to the article below.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information leaks caused by unauthorized access are not limited to companies; they also occur in education, although the way they are handled appears to differ somewhat from the corporate case. 
\u00d6 [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":62688,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/posts\/61733"}],"collection":[{"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/comments?post=61733"}],"version-history":[{"count":2,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/posts\/61733\/revisions"}],"predecessor-version":[{"id":62690,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/posts\/61733\/revisions\/62690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/media\/62688"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/media?parent=61733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/categories?post=61733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/tr\/wp-json\/wp\/v2\/tags?post=61733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}