摘要 |
<p>A risk model correction system allows the presentation of the information in which whether or not a calculated risk is correct can be judged and the presentation of the portions in which a parameter such as a weight associated with a threat, vulnerability, and a countermeasure included in a risk model should be changed, and the calculation of the risk value tailored to the state or environment of a system to be analyzed. The risk model correction system comprises a risk model storage means for storing the risk model having the parameter including the relation of the threat and the countermeasure which is the criterion of a risk analysis and their weights, an information collecting means for collecting the information on the system to be analyzed, an effect degree calculating means for calculating the degree of effect on the calculation of the risk value from the risk model, a risk analysis means for analyzing the risk of the system to be analyzed, and a reason presenting means for presenting the reason why the risk calculation is performed by presenting the result of the risk analysis by the risk analysis means and the effect degree calculated by the effect degree calculating means.</p> |