摘要 |
To provide a method for enabling faster, accurate ascertainment of status of an information system through use of inquiries submitted to members of an organization and an approach other than the inquiries. In step S1-1, inquiries are submitted to members of an organization, and answers to the inquiries are obtained. In step S1-2, the status of the information system is ascertained on the basis of the answers. In step S1-3, the information system is examined through use of an inspection tool through use of a network analyzer, thereby ascertaining the status of the information system. In step S1-4, the status of the information system ascertained in step S1-2 and the status of the information system ascertained in step S1-3 are merged. In step S1-5, on the basis of the thus-merged status of the information system, a security policy is established. The status of the information system is ascertained by utilization of inquiries and the result of inspection performed by use of the tool. Hence, the status of the information system can be ascertained accurately. <IMAGE> |