Abstract

PROBLEM TO BE SOLVED: To provide an IT risk management system that maximizes the efficiency of consultation.

SOLUTION: An IT risk management system comprises: a control master database section that decomposes a control policy, which includes a plurality of control items, a plurality of control actions, and a performer and observer of each control, into control elements, and stores the resulting data in association with one another; a policy management section that displays the data; a risk scenario management section that extracts a vulnerable point from the data included in the control element and displays the vulnerable point in association with the control element, an information asset and a threat; a level management section that, on the basis of a PDCA cycle, displays the existence of each control action, the maturity of the control action, and the level of control compliance of each performer with the set compliance control; a risk countermeasure section that displays decision-making support data using the control compliance level; and a control operation management section that displays data contributing to control operation instruction and management on the basis of the control compliance level.

COPYRIGHT: (C)2013, JPO&INPIT