摘要 |
<p><P>PROBLEM TO BE SOLVED: To raise the extraction precision of a security threat existing in a system and device for design and that of a countermeasure means to this security threat. Ž<P>SOLUTION: When a person concerned definition table and a protection asset definition table as the personal information of an analysis object system are input, an authority setting information generation part 13 generates an authority setting table in which operations which are available about analysis object assets are defined by using an asset/operation correspondence table as system common information as the input information. The authority presence/absence information of the person concerned about each operation in the authority setting table is set by an input operation to an input part 11 by an analyzer who has referred to the authority setting table. A thereat extraction part 14 extracts a threat and countermeasures to the pertinent threat from an authority setting table in which authority presence/absence information is set and a threat/countermeasure correspondence table as system common information. Ž<P>COPYRIGHT: (C)2010,JPO&INPIT Ž</p> |