摘要 |
<p><P>PROBLEM TO BE SOLVED: To evaluate a risk of the information leakage of a document file based on setting circumstances or the configuration information of actual measures. <P>SOLUTION: A path risk evaluation means 103 evaluates the risk of a path for performing access from a path model expressing a path through which information flows to a document from actual setting information, and an integral risk evaluation means 202 evaluates a risk of the information leakage of the document as an integral risk to the document from the value and path risk of the document. A correction candidate proposing means 301 generates the plan of measures for reducing a risk, and a cost evaluation means 302 calculates the cost of each of the plans of measures from the path to be interrupted in the case of executing measures. Thus, risk evaluation on which circumstances of the actual measures are reflected can be performed to find out the measures to be given priority. <P>COPYRIGHT: (C)2007,JPO&INPIT</p> |