摘要 |
[Problem] To enable improvement of the accuracy of determining information security risks in a business system by accommodating changes in the operational validity tendency, which can vary depending on business conditions. [Solution] A business system monitoring device (100) is provided with a calculation device (104) which performs processing to: receive, from a business system (50), verification information including information about the current or last user operations and information about the progress of business processes in the business system (50); compare the verification information (125) with characteristic information (129) to determine the degree of coincidence between each user operation and the corresponding user operation indicated by the characteristic information (129) and the degree of coincidence between the business process in which each user operation is performed and the corresponding business process indicated by the characteristic information (129); compare combinations of these determined degrees of coincidence with a predetermined criterion (127) to determine an information security risk, which increases as the degrees of coincidence decrease; and output the determination result to an output device (106) or a communication device (107). |