摘要 |
Provided are a threat risk scoring assistance device and method whereby it is possible, without depending on the skill of an analyst, to compute a threat risk value. A model definition assistance unit carries out an input assistance according to a selected risk scoring technique and stores, obtained from a design specification, a number of externally connected devices, path information, a number of authentications among subsystems, a protected asset confidentiality impact, and an ASIL which is set in the subsystems, in subsystem detail information, externally connected device information, internally connected device information, and protected asset information, of a risk scoring dependent information storage unit. A threat extraction unit and a threat risk value calculation unit carry out a threat extraction and a threat risk value computation using the selected risk scoring technique, on the basis of information stored in a risk scoring independent information storage unit and the risk scoring dependent information storage unit which this threat risk scoring assistance device retains in advance. |