
- TOP
- ã¿ã°äžèЧ
- ã²ãŒã
ã²ãŒã
ã€ãã³ã
ãã¬ãžã³
æè¡ããã°
æ¬ããã°ã¯ 2026 幎 5 æ 19 æ¥ã«å
¬éããã AWS Blogãâ CIRT insights: How to help prevent unauthorized account removals from AWS Organizations â ã翻蚳ãããã®ã§ãã AWS Customer Incident Response Team (CIRT) ã¯ãã客æ§ãã¢ã¯ãã£ããªã»ãã¥ãªãã£ã€ã³ã·ãã³ããã埩æ§ããããã®ãæ¯æŽãè¡ã£ãŠããŸãããã®æŽ»åã®äžã§ãç¹å®ã® ã客æ§ã®æ§æãèšèš ãæªçšãããæ°ãããŸãã¯æµè¡ããŠããæ»ææå£ãçºèŠããããšããã°ãã°ãããŸãã ãããã®æå£ãçè§£ããããšã¯ãã¢ãŒããã¯ãã£äžã®æææ±ºå®ãžã®åæ ã察å¿èšç»ã®æ¹åããããŠå®éã«ãã®ãããªç¶æ³ãçºçããå Žåã®æ€åºã«åœ¹ç«ã¡ãŸãã æ¬æçš¿ã§ã¯ãæ»æè
ãã客æ§ã¢ã«ãŠã³ãã®å¶åŸ¡ã奪åããåŸã«åãæ°ããã¢ãããŒããåãäžããŸããå
·äœçã«ã¯ãã客æ§ã® AWS Organizations å®è£
ãã該åœã¢ã«ãŠã³ããé¢è±ããããã®æ§é ãæäŸããããªã·ãŒãä¿è·ãåé¿ããæå£ã§ãã æ¬èšäºã§èª¬æããæå£ã¯ãAWS ãµãŒãã¹ã®è匱æ§ãå©çšãããã®ã§ã¯ãããŸããã代ããã«ãç¹å®ã®æ§æãèšèšã«ãã£ãŠçããäºæããªãæ©äŒãæªçšããAWS ã¢ã«ãŠã³ãå
ã®ãªãœãŒã¹ãäžæ£ã«äœ¿çšãããã®ã§ãã äœãèµ·ããŠããã®ã ãã®ã¢ãããŒãã¯ãæ»æè
ã organizations:LeaveOrganization æš©éã®ä»äžãæã€ã¯ã¬ãã³ã·ã£ã«ã䜿çšãããšããããå§ãŸããŸãããã®æš©é㯠LeaveOrganization API ã³ãŒã« ãžã®ã¢ã¯ã»ã¹ãæäŸããã¡ã³ããŒã¢ã«ãŠã³ãããåŒã³åºããããšããã®ã¢ã«ãŠã³ãã Organization ããé¢è±ãããããšããŸãã éèŠãªç¹ãšããŠããã®ã¢ãããŒãã§ã¯äŸµå®³ãããã«ãŒãã¯ã¬ãã³ã·ã£ã«ã䜿ãããå ŽåããããŸãããæ»æè
ã¯ä»ã®ææ®µã§ã¢ã¯ã»ã¹æš©ãææ Œãããå¿
èŠãªæš©éãååŸãããããã®æš©éãæã€ããŒã«ãåŒãåããèœåãç²åŸããããçŸåšã®ã¯ã¬ãã³ã·ã£ã«ã«ãã®æš©éãä»äžããèœåãç²åŸãããããããšãã§ããŸããããããèªå¯ã«å¯Ÿã㊠æå°æš©éã®ã¢ãããŒã ãåãããšããã客æ§ã®ç°å¢ãä¿è·ããäžã§æ¥µããŠéèŠã§ããçç±ã§ãã詳现ã«ã€ããŠã¯ã AWS Identity and Access Management (IAM) ããã¥ã¡ã³ã ãšã çµç¹åäœ (OU) èšèšããã³ ãµãŒãã¹ã³ã³ãããŒã«ããªã·ãŒ (SCP) å®è£
ã«é¢ãã AWS Organizations ã®ã¬ã€ãã³ã¹ãã芧ãã ããã ã客æ§ã®ç°å¢ãžã®åœ±é¿ ã¢ã«ãŠã³ãã Organization ããé¢è±ããããããšããã® Organization ã®äžéšãšããŠç¶æ¿ãããŠããå¶é (ç Žå£çãªã¢ã¯ã·ã§ã³ã鲿¢ããŠãã SCPãå©çšå¯èœãª AWS ãªãŒãžã§ã³ãå¶éããŠãããã®ãç¹å®ã® API ã³ãŒã«ããããã¯ããŠãããã®ç) ãé©çšãããªããªããŸãããŸããåœè©²ã¢ã«ãŠã³ãã¯äžæ¬è«æ± (Consolidated Billing) ã®å¯Ÿè±¡å€ãšãªããããOrganization ã®è«æ±ã¢ã©ãŒããã³ã¹ãç°åžžæ€ç¥ã該åœã¢ã«ãŠã³ãã®æŽ»åãã«ããŒããªããªããŸãã AWS CloudTrail ã®çµç¹ãã¬ã€ã«ã¯é¢è±ããã¢ã«ãŠã³ãããã®ã€ãã³ãååŸã忢ããå§ä»»ç®¡çè
ãä»ããŠç®¡çãããŠãã Amazon GuardDuty ã®æ€åºçµæãäžå€®ã®ã»ãã¥ãªãã£ã¢ã«ãŠã³ããžæµããªããªããŸãã ãã®çµæãã°ãã°çºçããã®ã¯ãOrganization ãåœè©²ã¢ã«ãŠã³ããžã®å¯èŠæ§ã倱ãäžæ¹ã§ããã®ã¢ã«ãŠã³ãå
ã«ã¯åŒãç¶ã Organization ã®ãªãœãŒã¹ãæ®ããšããç¶æ³ã§ããé¢é£ãã Threat Technique Catalog ã®ãšã³ããªã以äžã«ç€ºããŸãã T1078.A002: Account Root User : 䟵害ãããã«ãŒãã¯ã¬ãã³ã·ã£ã«ãå©çšããåæã¢ã¯ã»ã¹ T1078.004: Cloud Accounts : 䟵害ããã IAM ã¯ã¬ãã³ã·ã£ã«ãå©çšããåæã¢ã¯ã»ã¹ T1098: Account Manipulation : å¶åŸ¡ãç¶æããããã®æš©éææ Œãšã¢ã«ãŠã³ãèšå®ã®å€æŽ T1666.A002: Leave AWS Organization : SCP ãã¬ããã³ã¹ã³ã³ãããŒã«ãåé¿ãããããã¡ã³ããŒã¢ã«ãŠã³ãã Organization ããé¢è±ããã T1562.008: Disable Cloud Logs : Organization ããã®é¢è±åŸãäžå€®éçŽåãã®ã³ã°ã®å¯èŠæ§ã倱ããã ãã®æå£ã®æ€ç¥ ã¢ã«ãŠã³ãã Organization ããã®é¢è±ã詊ã¿ããšãCloudTrail ã«ã¯å°ãªããšã 2 ã€ã® API ã³ãŒã«ãèšé²ãããŸãã organizations:AcceptHandshake ãš organizations:LeaveOrganization ã§ããäžå€®éçŽåã®ãã®ã³ã°ãæ§æããŠããå Žåããããã®ã€ãã³ãã䟵害ã¢ã«ãŠã³ããã芳枬ãããæåŸã®ã€ãã³ããšãªãå¯èœæ§ããããŸããOrganization ããã®é¢è±åŸãããã©ã«ãã§ã¯ã¢ã«ãŠã³ãå
ã®ã€ãã³ãã¯èªèº«ã® CloudTrail ãã°ã«èšé²ãããããšã«ãªããŸããã¢ã«ãŠã³ãã Organization ã«åå ãŸãã¯é¢è±ããéã«é¢é£ãã CloudTrail ã€ãã³ãã以äžã«ç€ºããŸãããããã®ã€ãã³ãã¯ãAWS Organizations ã管çããããã«ããŒã ãå©çšããæ¿èªæžã¿ã®éçšã¯ãŒã¯ãããŒã®äžéšã§ãªãéãã調æ»ãå¿
èŠã§ãã CloudTrail ã€ãã³ã æå³ LeaveOrganization ã¡ã³ããŒã¢ã«ãŠã³ãã Organization ããé¢è±ããããšããŠãã AcceptHandshake ã¢ã«ãŠã³ããå¥ã® Organization ãžã®åå æåŸ
ãæ¿è«ŸããŠãã InviteAccountToOrganization Organization ãã¢ã«ãŠã³ããæåŸ
ããŠãã RemoveAccountFromOrganization 管çã¢ã«ãŠã³ããã¡ã³ããŒã¢ã«ãŠã³ããåé€ããŠãã (ã¡ã³ããŒèªããé¢è±ããå Žåãšã¯ç°ãªã) ãã®æå£ãé²ãããã®æšå¥šã¹ããã organizations:LeaveOrganization ã¢ã¯ã·ã§ã³ãæåŠãã SCP ãå®è£
ããŠãã ãããAWS Organizations 㯠ãã®å¶åŸ¡ã®å®è£
ã«é¢ãã詳现ãªã¬ã€ãã³ã¹ ãæäŸããŠãããå
·äœç㪠SCP ããªã·ãŒ JSON ããæ¬çªç°å¢ããã³éçºç°å¢ã®ã¢ã«ãŠã³ãã«ã¯ä¿è·ãç¶æãã€ã€æ£åœãªã¢ã«ãŠã³ãç§»è¡ã蚱容ã§ãã OU æ§é ã®èšèšã«é¢ããã¢ããã€ã¹ãå«ãŸããŠããŸãã SCP ã¯ãã¡ã³ããŒã¢ã«ãŠã³ãå
ã§ IAM ããªã·ãŒãèš±å¯ã§ããç¯å²ãå¶éããã¬ãŒãã¬ãŒã«ãšããŠæ©èœããŸããAWS Organizations ããå©çšã®ãã¹ãŠã®ã客æ§ã«ã¯ããã® SCP ãçŸåšé
眮ãããŠãããã確èªããé
眮ãããŠããªãå Žåã«ã¯å®è£
ã«åããæé ãèžãããšãåŒ·ãæšå¥šããããŸãããã® SCP ã¯è¿
éã«ãããã€ã§ããéçšäžã®åœ±é¿ãæå°éã§ããã¡ã³ããŒã¢ã«ãŠã³ãã Organization ããåé¢ããããšãæ
éã«ç®¡çã»æ€èšããããã®ããã»ã¹ãæäŸããŸãã ãã®ã¢ã¯ã·ã§ã³ã¯ãã«ãŒãã ãã§ãªã organizations:LeaveOrganization æš©éãæã€ãããã䟵害ããã IAM ããªã³ã·ãã«ããçºçãåŸããããIAM æš©éã®æå°æš©éååã¯éèŠãªè£å®çãªå¶åŸ¡ãšãªããŸãããŠãŒã¶ãŒãããŒã«ãããªã·ãŒã®è¿œå ã»åé€ã»å€æŽãè¡ã£ãããå¥ã®ããŒã«ãåŒãåããããèªèº«ã®æš©éã倿Žãããã§ããç¯å²ãå¶éããããšã§ãäžæ£ãªæš©é倿Žãè¡ãããçµè·¯ãæžããããšãã§ããŸããIAM ããªã·ãŒã宿çã«ã¬ãã¥ãŒããé床ã«åºç¯ãªæš©é (ç¹ã« iam:AttachRolePolicy ã iam:AttachUserPolicy ã iam:PutRolePolicy ãããã³åºç¯ãªä¿¡é Œããªã·ãŒã䌎ã sts:AssumeRole ) ã確èªããããšã¯ã䟵害ãããããªã³ã·ãã«ãå®è¡ã§ããç¯å²ãå¶éããã®ã«åœ¹ç«ã¡ãŸãã ã«ãŒãã¢ã«ãŠã³ãã®ã»ãã¥ãªãã£ã¯åŒãç¶ãéèŠã§ããã«ãŒãã®äŸµå®³ããã®ãã¿ãŒã³ã®äžè¬çãªäŸµå
¥çµè·¯ãšãªãããã§ãããã¹ãŠã®ã«ãŒããŠãŒã¶ãŒã«å¯ŸããŠå€èŠçŽ èªèšŒ (MFA) ãæå¹åããã«ãŒãã¢ã¯ã»ã¹ããŒãåé€ããã¡ã³ããŒã¢ã«ãŠã³ãããã«ãŒãã¯ã¬ãã³ã·ã£ã«ãå®å
šã«åãé€ã ã«ãŒãã¢ã¯ã»ã¹ã®äžå
管ç ãæ¡çšããããšã§ããªã¹ã¯ã®è»œæžã«ã€ãªãããŸãã ä»åŸã«ã€ããŠ æ¬æå£ã¯ãç§ãã¡ãæ§ã
ãªãšã³ã²ãŒãžã¡ã³ããéããŠç®ã«ããŠãããããåºç¯ãªããŒããæµ®ã圫ãã«ããŠããŸããæ»æè
㯠AWS ã®ã¬ããã³ã¹ã³ã³ãããŒã«ãã©ã®ããã«æ©èœãããããŸããŸãèªèããŠãããOrganization ãæäŸããå¶åŸ¡ããã¢ã«ãŠã³ããåãé¢ãããã®æå³çãªææ®µãåã£ãŠããŸããAWS CloudTrail ãç¡å¹åãããAmazon GuardDuty ãã£ãã¯ã¿ãŒãåé€ãããOrganization ããã¢ã«ãŠã³ããé¢è±ããããšãã£ãè¡çºã¯ãããããåãæŠç¥ã®æŽŸç圢ã«ããããŸããããªãã¡ãæ¬æ¥ã§ããã°æ»æè
ã®æŽ»åãå¶çŽããã客æ§ã«ãã察å¿ãæ¯æŽããã¯ãã®ã¬ãŒãã¬ãŒã«ãšå¯èŠæ§ãããã客æ§ã®ã¢ã«ãŠã³ããåãé¢ããšãããã®ã§ãã ãããé²ãããã®å¶åŸ¡ã¯æ¬æ¥æç¹ã§å©çšå¯èœã§ãããå®è£
ãç°¡åã§ãã AWS Organizations ãµãŒãã¹ããŒã ã®ã¬ã€ãã³ã¹ ããå§ãã DenyLeaveOrganizationSCP ãå®è£
ããããšããå§ãããŸããæ¬æå£ã«å¯ŸããŠãæã广ã倧ããããã€æãåŽåã®å°ãªãå¶åŸ¡ã§ãããã以å€ã«ããOU æ§é å
šäœã§ã® SCP ã®ã«ãã¬ããžãèŠçŽãããšããã¹ãŠã®ã¡ã³ããŒã¢ã«ãŠã³ãã§ã«ãŒãã¯ã¬ãã³ã·ã£ã«ãš IAM æš©éãé©åã«ä¿è·ãããŠããããšã確èªããããšãæ€ç¥ã»å¯Ÿå¿ããã»ã¹ãæ¬æå£ãèæ
®ã«å
¥ããŠããããšã確ãããããšãããã匷åºãªã»ãã¥ãªãã£æ
å¢ã«è²¢ç®ããŸãã Threat Technique Catalog for AWS ã«ã¯ãæ ¹åºã«ããæå£ã®æ€ç¥ã¬ã€ãã³ã¹ãå«ãŸããŠããŸãã é¢é£ãªãœãŒã¹ Threat Technique Catalog for AWS â Matrix T1078.A002: Account Root User T1078.004: Cloud Accounts T1098: Account Manipulation T1666.A002: Leave AWS Organization AWS Organizations ã«ãããäžæ£ãªã¢ã«ãŠã³ãé¢è±ã鲿¢ããããã®éèŠãªã»ãã¥ãªãã£ã³ã³ãããŒã« ã¡ã³ããŒã¢ã«ãŠã³ãã®ã«ãŒãã¢ã¯ã»ã¹ãäžå
管çãã AWS Organizations ãµãŒãã¹ã³ã³ãããŒã«ããªã·ãŒ Amazon GuardDuty AWS CloudTrail ãŠãŒã¶ãŒã¬ã€ã æ¬æçš¿ã«é¢ãããã£ãŒãããã¯ããããŸããããäžã®ã³ã¡ã³ãã»ã¯ã·ã§ã³ã«ãæçš¿ãã ããã èè
ã«ã€ã㊠Shannon Brazil Shannon 㯠AWS Customer Incident Response Team (CIRT) ã®ã»ãã¥ãªãã£ãšã³ãžãã¢ã§ãããããžã¿ã«ãã©ã¬ã³ãžãã¯ãšã¯ã©ãŠãã»ãã¥ãªãã£èª¿æ»ãå°éãšããŠããŸããã³ãã¥ããã£ã§ã¯ 4n6lady ãšããŠç¥ãããã»ãã¥ãªãã£æè²ã𿬡äžä»£ã®é²åŸ¡è
ã®è²æã«æ
ç±ã泚ãã§ããŸãã Derek Ramirez Derek 㯠AWS Customer Incident Response Team (CIRT) ã®ã»ãã¥ãªãã£ãšã³ãžãã¢ã§ãããµã€ããŒã»ãã¥ãªãã£ãšãå°é£ãªã€ã³ã·ãã³ãã¬ã¹ãã³ã¹ã®èª²é¡ãžã®å¯ŸåŠãæ¯æŽãã AI ããŒã«ã®æ§ç¯ãšãããèªèº«ãæ
ç±ã泚ã 2 ã€ã®ããšãçµã¿åãããŠåãçµãã§ããŸãããªãŒã¹ãã£ã³ã®ããŠã³ã¿ãŠã³ãèµ°ã£ããããŽã«ãã®ã·ã§ãŒãã²ãŒã ã«åãçµãã ããDallas Cowboys ãç±å¿ã«å¿æŽãããããŠããŸãã Richard Billington Richard 㯠AWS Customer Incident Response Team (ã¢ã¯ãã£ããªã»ãã¥ãªãã£ã€ãã³ãäžã« AWS ã®ã客æ§ããµããŒãããããŒã ) ã®ã¢ãžã¢å€ªå¹³æŽå°åã«ããã Sr. Security Engineer ã§ãã 翻蚳㯠Security Solutions Architect ã® æŸåŽ åæ ãæ
åœããŸããã
ããã«ã¡ã¯ãQAã³ã³ãµã«ã¿ã³ãã®ã€ããã§ãã ãããæãã®ã·ã¹ãã ãããããïŒã ãšã³ãžãã¢ããããã¯ããããŒãžã£ãŒã®çããã顧客ãããããªé¢šã«ããã¯ããšããèŠæãåããŠå°ã£ãçµéšã¯ãããŸãããïŒ è¯ãããšæã£ãŠäœã£ãã®ã«ããªããéããã ããªâŠããšèšãããŠããŸã£ããã ããããæ²ããããéããé²ãã顧客ã®çã®ããŒãºãåŒãåºããŠãããžã§ã¯ããæåã«å°ãããã®åŒ·åãªæŠåšããããžãã¹ã¢ããªã·ã¹ã®ç¥èäœç³» BABOK® (Business Analysis Body of Knowledge) ã§ãã ä»åã¯ããã®BABOKã®èãæ¹ã䜿ãããã飲é£åºã®ãæŒ ç¶ãšããæ³ãããå
·äœçãªã·ã¹ãã èŠæ±ã«èœãšã蟌ãã§ããããã»ã¹ããã±ãŒã¹ã¹ã¿ãã£åœ¢åŒã§ã玹ä»ããŸãã BABOKãšPMBOKïŒãããžã§ã¯ãæåã®äž¡èŒª BABOKïŒãããã¯ãšèªã¿ãŸãïŒã¯ãããžãã¹ã¢ããªã·ã¹ã®å°éæ©é¢ã§ããIIBA®ãçå®ããããã¹ããã©ã¯ãã£ã¹ãäœç³»çã«ãŸãšãããç¥èã®å°å³ãã®ãããªãã®ã§ãã ãã®è©±ããããšããããžã§ã¯ããããžã¡ã³ãã®ç¥èäœç³»ã§ãã PMBOK® (Project Management Body of Knowledge) ãšã©ãéãã®ãããšãã質åãããåããŸãããã®äºã€ã®éããçè§£ããããšã¯ããããžã§ã¯ãå
šäœãæåãããäžã§éåžžã«éèŠã§ãã äžèšã§èšããšããã®ç®çãç°ãªããŸãã BABOK® (ããžãã¹ã¢ããªã·ã¹) PMBOK® (ãããžã§ã¯ããããžã¡ã³ã) ç®ç æ£ãããããã¯ããäœã (Do the right thing ) ãããã¯ããæ£ããäœã (Do the thing right ) çŠç¹ What (äœãäœãã), Why (ãªãäœãã) How (ã©ãäœãã), When (ãã€ãŸã§ã«) åœ¹å² ããžãã¹ããŒãºã®çºèŠãèŠæ±ã®å®çŸ© èšç»ã®ç«æ¡ããªãœãŒã¹ã»é²æã®ç®¡ç BABOKããããããäœãäœãã¹ããïŒããšããäžæµå·¥çšãæ
ã ã®ã«å¯Ÿãã PMBOKã¯ãäœããšæ±ºãŸã£ããã®ããããã«èšç»éãã«å®æããããïŒããšããå®è¡å·¥çšãæ
ããŸãã äŸãããªããBABOKããç®çå°ïŒïŒããžãã¹ãŽãŒã«ïŒãå®ãããããžè³ãããã®èªæµ·å³ãæãã圹å²ãPMBOKã¯ããã®èªæµ·å³ã«åºã¥ããè¹ïŒïŒãããžã§ã¯ãïŒãå®å
šãã€å¹ççã«éèªããèªæµ·è¡ããšèšããã§ãããã äž¡è
ã¯å¯Ÿç«ãããã®ã§ã¯ãªãããããžã§ã¯ããšããè¹ãæåã«å°ãããã®ã䞡茪ããªã®ã§ããããžãã¹ã¢ããªã¹ããšãããžã§ã¯ããããŒãžã£ãŒãååãåãããšã§ãåããŠã䟡å€ãããã®ããèšç»éãã«ãå±ããããšãã§ããŸãã ã¡ãªã¿ã«ãBABOKã«ã¯ãã®ç¥èã¬ãã«ã蚌æããåœéè³æ ŒãšããŠã CBAP® (Certified Business Analysis Professional) ãªã©ãå®åçµéšã«å¿ããèªå®è³æ Œå¶åºŠïŒECBA , CCBA®, CBAP®ïŒããããŸãã ããŠãä»åã®ã±ãŒã¹ã¹ã¿ãã£ã§ã¯ãç¹ã«BABOKãæ
ã ãäœãäœãã¹ããããå®çŸ©ããéšå ã«çŠç¹ãåœãŠãŠèŠãŠãããŸãããã ã±ãŒã¹ã¹ã¿ãã£ïŒããã¬ã¹ãã©ã³ãªãŒããŒã®æ©ã¿ ã¯ã©ã€ã¢ã³ã: å°åã§äººæ°ã®ã€ã¿ãªã¢ã³ã¬ã¹ãã©ã³ã®ãªãŒã㌠çžè«å
容: ãæè¿ããããã§æ³šæãäºçŽã§ããªãã®ïŒãã£ãŠããèããããã ãé»è©±å¯Ÿå¿ã倧å€ã ãããã€ã¯ã¢ãŠãã匷åããããã€ãã§ã«äººæ°ã¡ãã¥ãŒãåæã§ãããæé«ã ããã ããããã®ãæ³ãããBABOKã®6ã€ã®ã¹ãããã§å
·äœåããŠãããŸãã å®è·µïŒBABOKæµã»èŠæ±å
·äœåã®6ã¹ããã Step 1: èšç»ãšã¢ãã¿ãªã³ã° (ã©ãé²ãããæ±ºãã) ãããªãæ©èœã®è©±ãããã®ã§ã¯ãªãããŸããããžã§ã¯ãã®é²ãæ¹ã決ããŸãã ããããš: é¢ä¿è
ã¯èª°ããã©ããã£ãŠæ
å ±ãå
±æããããã©ããªé²ãæ¹ãããããèšç»ããŸãã å
·äœäŸ: é¢ä¿è
: ãªãŒããŒãããŒã«ã»ãããã³ã¹ã¿ãããåžžé£å®¢ãªã© é²ãæ¹: é±1ã§ãªãŒããŒãšäŒè°ãç°¡åãªè©Šäœåãè§Šã£ãŠããããªããé²ããïŒã¢ãžã£ã€ã«çã¢ãããŒãïŒã æ
å ±å
±æ: è°äºé²ãè³æã¯Google Driveã§å
±æããã Step 2: åŒãåºããšã³ã©ãã¬ãŒã·ã§ã³ (æ¬é³ãšèª²é¡ãèãåºã) é¢ä¿è
ãããèšèã®è£ã«ããæ¬é³ãçŸç¶ã®èª²é¡ãåŒãåºããŸãã ããããš: ã€ã³ã¿ãã¥ãŒãæ¥å芳å¯ãéããŠãé¢ä¿è
ã®ããŒãºãåé¡ç¹ãæ·±ãçè§£ããŸãã å
·äœäŸ: ã¹ã¿ããã«çŸç¶ã®é»è©±äºçŽæ¥åã®èª²é¡ïŒèãééããäºçŽã®éè€ãªã©ïŒããã¢ãªã³ã°ã åºèã®ããŒã¯ã¿ã€ã ã®æ§åã芳å¯ããæ¥åã®ããã«ããã¯ãçºèŠããã ãã¢ãªã³ã°çµæãç°¡åãªå³ãæç« ã«ãŸãšãããããããããšã§åã£ãŠãŸããïŒããšèªèãåãããã Step 3: æŠç¥ã¢ããªã·ã¹ (ããžãã¹ã®ããªãããæãäžãã) ããã¯ããããžã§ã¯ãã®å¿èéšãšãèšããéåžžã«éèŠãªã¹ãããã§ããåã«çŸç¶ã®èª²é¡ãæŽãåºãã ãã§ãªãã ãããããããã®ãããžã§ã¯ããéããŠããžãã¹ãšããŠäœãéæãããã®ãïŒããšããæ ¹æ¬çãªåãïŒããžãã¹ããŒãºïŒ ãå®çŸ©ããŸãã ãã®ã¹ããããé£ã°ããšãããã髿©èœãªã·ã¹ãã ãäœã£ãŠããã§ãçµå±ããžãã¹ã®äœãè¯ããªã£ããã ã£ãïŒããšããç¶æ
ã«é¥ããã¡ã§ããæŠç¥ã¢ããªã·ã¹ã§ã¯ãäž»ã«ä»¥äžã®4ã€ã®èŠç¹ã§èããŸãã çŸç¶ã®åæ (Analyze Current State): æã
ã¯ä»ã©ãã«ããã®ãïŒ ãªãå€åãå¿
èŠãªã®ãïŒ å°æ¥ç¶æ
ã®å®çŸ© (Define Future State): ã©ããžåããããã®ãïŒ æåããç¶æ
ãšã¯ã©ããªç¶æ
ãïŒ ãªã¹ã¯ã®ã¢ã»ã¹ã¡ã³ã (Assess Risks): ãã®éã®ãã«ã©ããªé害ç©ïŒäžç¢ºå®æ§ïŒããããïŒ å€é©æŠç¥ã®å®çŸ© (Define Change Strategy): ã©ããã£ãŠãŽãŒã«ãŸã§ãã©ãçããïŒ æé©ãªã«ãŒãã¯ïŒ ããããèžãŸããäžã§ãä»åã®ã¬ã¹ãã©ã³ã®ã±ãŒã¹ã§ã¯ä»¥äžã®ããã«èããŸãã å
·äœäŸ: çŸç¶(As-Is): é»è©±å¯Ÿå¿ã«è¿œãããæ©äŒæå€±ã顧客æºè¶³åºŠã®äœäžãèµ·ããŠããã売äžããŒã¿ãå±äººçã§æŽ»çšã§ããŠããªãã å°æ¥ç¶æ
(To-Be): ãªã³ã©ã€ã³ãã£ãã«ããã®å£²äžã30%åäžããã¹ã¿ããã¯ããä»å 䟡å€ã®é«ãæ¥å®¢ã«éäžã§ããŠãããããŒã¿ã«åºã¥ããã¡ãã¥ãŒéçºãå¯èœã«ãªã£ãŠããã ãªã¹ã¯: ã¹ã¿ãããã·ã¹ãã ã䜿ãããªããªããå°å
¥ã³ã¹ããæ³å®ä»¥äžã«ãããã å€é©æŠç¥: ãŸãã¯ãªã¹ã¯ã®å°ãªããã€ã¯ã¢ãŠãæ©èœããã¹ã¢ãŒã«ã¹ã¿ãŒãããã¹ã¿ãããšé¡§å®¢ã®åå¿ãèŠãªããäºçŽæ©èœãªã©ã段éçã«å°å
¥ããã Step 4: èŠæ±ã¢ããªã·ã¹ãšãã¶ã€ã³å®çŸ© (ã¢ã€ãã¢ãèšèšå³ã«ãã) çæ³ã®å§¿ãå®çŸããããã®å
·äœçãªæ©èœïŒïŒèŠæ±ïŒãæŽãåºããèšèšã«èœãšã蟌ã¿ãŸãã ããããš: èŠæ±ãæ©èœïŒäŸ: æ±ºæžæ©èœïŒãšéæ©èœïŒäŸ: 䜿ããããïŒã«åé¡ããã·ã¹ãã ã®ç»é¢ã€ã¡ãŒãžãªã©ãäœæããŸãã å
·äœäŸ: æ©èœèŠæ±: ã¡ãã¥ãŒè¡šç€ºããªã³ã©ã€ã³æ±ºæžãäºçŽã«ã¬ã³ããŒ éæ©èœèŠæ±: ã¹ããã§äœ¿ãããããã¶ã€ã³ã3ç§ä»¥å
ã®ç»é¢è¡šç€º ææžãã®ã©ããªç»é¢ã€ã¡ãŒãžïŒã¯ã€ã€ãŒãã¬ãŒã ïŒãæããŠããªãŒããŒãšããããªæãã§ããïŒããšããåãããã Step 5: èŠæ±ã©ã€ããµã€ã¯ã«ã»ãããžã¡ã³ã (å€åã«åŒ·ãããã¬ãªã軞ãæã€) ãããžã§ã¯ããé²ããäžã§çºçããèŠæ±ã®å€æŽã远å ã«ãããŸã察åŠããŸãã ããããš: æ©èœã«åªå
é äœãã€ãã远å èŠæãåºãéã®åœ±é¿ãè©äŸ¡ãã察å¿ã倿ããŸãã å
·äœäŸ: åªå
é äœä»ã: ããªã³ã©ã€ã³æ±ºæžãã¯å¿
é ïŒMustïŒããã¯ãŒãã³æ©èœãã¯ã§ããã°ïŒCouldïŒã®ããã«æŽçããã 倿Žç®¡ç: ãããªããªãŒæ©èœã欲ããããšãã远å èŠæã«å¯Ÿããéçºæéãšã³ã¹ããžã®åœ±é¿ãæç€ºããå°å
¥ãããã©ããããªãŒããŒãšåæããã Step 6: ãœãªã¥ãŒã·ã§ã³è©äŸ¡ (äœã£ãŠçµãããããªãã䟡å€ã枬ã) 宿ããã·ã¹ãã ããæ¬åœã«åœåã®ç®çãæãããŠãããã確èªããŸãã ããããš: ã·ã¹ãã å°å
¥åŸã®å¹æãããŒã¿ã§æž¬å®ãããããªãæ¹åç¹ãèŠã€ããŸãã å
·äœäŸ: å°å
¥åã«ç«ãŠãç®æšïŒKPIïŒã§ãããé»è©±å¯Ÿå¿æéã50%åæžãããªã³ã©ã€ã³å£²äž30%UPããéæã§ãããèšæž¬ããã ãã¡ãã¥ãŒã®æŽæ°ãå°ãé¢åããšãã£ãã¹ã¿ããããã®æèŠãåéããæ¬¡ã®æ¹åã¢ã¯ã·ã§ã³ïŒäŸ: 管çç»é¢ã®æ¹ä¿®ïŒãææ¡ããã ãŸãšã ãããã§ãããïŒ BABOKã®ãã¬ãŒã ã¯ãŒã¯ã«æ²¿ã£ãŠé²ããããšã§ããªãŒããŒã® ãããæãã«ãããã ãšããæŒ ç¶ãšããæ³ããã äœã: ãã€ã¯ã¢ãŠããšäºçŽã®ãªã³ã©ã€ã³ã·ã¹ãã ãªã: æ¥åå¹çåãšå£²äžåäžã®ãã ã©ããªãã°æåã: ãªã³ã©ã€ã³å£²äž30%UP ãšãã£ãã 誰ãèŠãŠãæç¢ºã§ã枬å®å¯èœãªãŽãŒã«ãæã€ãããžã§ã¯ã ã«å€ãããŸããã æ¥ã
ã®éçºæ¥åã§ããããäœã®ããã«äœã£ãŠããã ã£ãïŒããšæãããšãããã®6ã€ã®ã¹ããããå°ãã ãæèããŠã¿ãŠã¯ãããã§ããããããã£ãšãããªãã®ãããžã§ã¯ããæåã«å°ããã³ããèŠã€ããã¯ãã§ãã The post è±ã»äŒèšã²ãŒã ïŒBABOKã®ç¥èã§é¡§å®¢ã®æ³ããã«ã¿ãã«ããæ¹æ³ã飲é£åºã®DXäºäŸã first appeared on Sqripts .
ããã«ã¡ã¯ãiOSãšã³ãžãã¢ã®yamakenã§ãã2026幎4æ12æ¥ïŒæ¥ïŒãã14æ¥ïŒç«ïŒã®3æ¥éã«ãããéå¬ããããtry! Swift Tokyo 2026ã«ãLINEã€ããŒæ ªåŒäŒç€Ÿã¯GOLDã¹...


























