摘要 |
With a plurality of computer apparatuses connected to a network, operation log information, including an operation type and an output destination of a file, and acquisition source information indicating an acquisition source of the file are recorded based on a user's input/output operation; the acquisition source information is managed by relating it with an access authority over the acquisition source of the file; when the operation log information for the user's output operation exists in the operation log information, a range of the access authority over the acquisition source of an output target file, which is a target of the user's output operation, and an addressee user who can access an output destination of the output target file are specified; whether or not the addressee user belongs to the range of the access authority over the acquisition source of the output target file is judged; and if a negative judgment result is obtained, risk information indicating that the user's output operation is an output outside the range of the access authority.
|