摘要 |
The present invention relates to security-measure training in an enterprise network. A security-measure training system for executing computer security-measure training comprises: a scenario execution unit which, in accordance with a prescribed training scenario, sends a training e-mail containing a training program to a terminal which is the subject of the training; an observation unit which observes the behavior of the terminal with respect to the training e-mail containing the training program that has penetrated into the terminal on the basis of information indicating vulnerabilities; an analysis unit which determines, on the basis of the observation results, the terminal into which the training program has penetrated; a determination unit which determines an action to be taken with regard to the terminal into which the training program has penetrated; an execution unit which executes the determined action with respect to the terminal; and a feedback unit which feeds back to the terminal and to each unit the results of the training executed on the basis of the training scenario. |