摘要 |
PROBLEM TO BE SOLVED: To provide a security management device, a security management method and a security management program for performing proper risk evaluation by considering a time elapsed from the detection of a security risk which is inherent in a computer system until the security risk is addressed. SOLUTION: This security management device 3 is provided with: a security management DB35 which stores history information related to security management; a fragility testing part 31 which tests the fragility of a computer 1; a work flow managing part 32 which manages a work flow related to the test of fragility; a risk level calculating part 34 which calculates a risk level value for each computer 1 from the history information related to the fragility and illegal access stored in the security management DB 35; and an access control part 13 which controls a fire wall 3 on the basis of the calculated risk level value of the computer 1. COPYRIGHT: (C)2005,JPO&NCIPI |