WO2024166288A1 - Information processing device, risk visualization method, and computer readable medium - Google Patents


Info

Publication number
WO2024166288A1
Authority
WO
WIPO (PCT)
Prior art keywords
attack
risk
systems
risk analysis
information
Application number
PCT/JP2023/004353
Other languages
French (fr)
Japanese (ja)
Inventor
諒 水島
Original Assignee
日本電気株式会社 (NEC Corporation)
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/06: Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063: Operations research, analysis or management
    • G06Q10/0635: Risk analysis of enterprise or organisation activities

Definitions

  • The present disclosure relates to an information processing device, a risk visualization method, and a computer-readable medium.
  • Patent Document 1 discloses a security design support system.
  • In Patent Document 1, a security officer distributes a security status confirmation checklist to an industrial cluster made up of multiple organizations.
  • Each of the multiple organizations has its own system, such as a design support system, a production planning system, or a manufacturing system.
  • An organization officer is assigned to each of the multiple organizations, and the organization officer of each organization creates a response to the checklist and sends the created response and system configuration information data to the security officer.
  • The response includes the security status of the system of the organization that the officer is responsible for.
  • The security officer receives responses and system configuration information data from each of the multiple organization officers.
  • The security officer inputs the received responses and system configuration information data into the security design support device.
  • The security design support device uses the input responses and system configuration information data to output security-related countermeasure information.
  • The countermeasure information includes cluster-common baseline requirements list data, organization-specific requirements list data, and inter-organizational collaboration requirements list data.
  • The cluster-common baseline requirements list data indicates the security requirements and countermeasures that are common to the systems of each organization in the industrial cluster.
  • The organization-specific requirements list data indicates the individual security requirements and countermeasures of each organization's system.
  • The inter-organizational collaboration requirements list data indicates the security requirements and countermeasures that apply when the systems of each organization in the industrial cluster collaborate.
  • According to Patent Document 1, an administrator can determine whether each system satisfies the cluster-common baseline requirements, organization-specific requirements, and inter-organization collaboration requirements. However, in Patent Document 1 the analysis results are obtained individually for each system. For this reason, when there are multiple systems, each operator must understand the risks of each individual system he or she is responsible for, understand the countermeasures, and determine the priority of the countermeasures.
  • The present disclosure aims to provide an information processing device, a risk visualization method, and a computer-readable medium that enable a system administrator who manages multiple systems to easily grasp the risks in the multiple systems.
  • As a first aspect, the present disclosure provides an information processing device.
  • The information processing device includes an analysis result acquisition unit that acquires multiple risk analysis results, which are the results of risk analysis performed on each of multiple systems; an aggregation unit that aggregates the multiple risk analysis results using a predetermined evaluation index; and a visualization unit that presents information on the aggregated risk analysis results to a user.
  • The present disclosure also provides a risk visualization method.
  • The risk visualization method includes acquiring multiple risk analysis results, which are the results of risk analysis performed on each of multiple systems; aggregating the acquired multiple risk analysis results using a predetermined evaluation index; and presenting information on the aggregated risk analysis results to a user.
  • The present disclosure also provides a computer-readable medium.
  • The computer-readable medium stores a program for causing a computer to execute a process including acquiring multiple risk analysis results, which are the results of risk analysis performed on each of multiple systems; aggregating the acquired multiple risk analysis results using a predetermined evaluation index; and presenting information on the aggregated risk analysis results to a user.
  • The information processing device, risk visualization method, and computer-readable medium disclosed herein enable a system administrator who manages multiple systems to easily understand the risks in the multiple systems.
  • FIG. 1 is a block diagram showing a schematic configuration of an information processing device according to the present disclosure.
  • FIG. 2 is a block diagram showing an information processing apparatus according to a first embodiment of the present disclosure.
  • FIG. 3 is a schematic diagram showing the relationship between a plurality of systems, individual system administrators, and an overall system administrator.
  • FIG. 4 is a diagram showing an example of visualization in the first specific example.
  • FIG. 5 is a diagram showing an example of a notification sent to an individual system administrator.
  • FIG. 6 is a diagram showing an example of visualization in the second specific example.
  • FIG. 7 is a diagram showing an example of visualization in the third specific example.
  • FIG. 8 is a diagram showing an example of a notification sent to an individual system administrator.
  • FIG. 9 is a diagram showing an example of visualization in the fourth specific example.
  • FIG. 13 is a diagram showing an example of visualization in the fifth specific example.
  • FIG. 13 is a diagram showing an example of visualization in the sixth specific example.
  • FIG. 13 is a diagram showing an example of visualization in the seventh specific example.
  • FIG. 23 is a diagram showing an example of visualization in the eighth specific example.
  • 4 is a flowchart showing an operation procedure of the information processing device.
  • FIG. 11 is a block diagram showing an information processing apparatus according to a second embodiment of the present disclosure.
  • FIG. 13 is a diagram showing an example of information stored in a countermeasure cost DB.
  • 1A to 1C are diagrams showing specific examples of visualization in the present embodiment.
  • FIG. 1 is a block diagram showing an example of the configuration of a computer device.
  • FIG. 1 shows a schematic configuration of an information processing device according to the present disclosure.
  • The information processing device 10 has an analysis result acquisition unit 11, an aggregation unit 12, and a visualization unit 13.
  • The analysis result acquisition unit 11 acquires multiple risk analysis results 20, one for each of the multiple systems to be analyzed.
  • The aggregation unit 12 aggregates the acquired multiple risk analysis results 20 using a predetermined evaluation index.
  • The visualization unit 13 presents the aggregated risk analysis results to a user, such as a system administrator who manages multiple systems.
  • Because the aggregation unit 12 aggregates the multiple risk analysis results using a predetermined evaluation index and the visualization unit 13 presents the aggregated results to the user, the user can understand to some extent the risks in the multiple systems without having to examine the individual risk analysis results in detail. Therefore, a system administrator who manages multiple systems can easily understand the risks in those systems.
  • FIG. 2 shows an information processing device according to the first embodiment of the present disclosure.
  • The information processing device 100 has a collection unit 101, a common information aggregation unit 102, a risk visualization unit 103, an attack information DB (database) 120, a countermeasure information DB 130, and an aggregated information DB 140.
  • The information processing device 100 is configured as a device having, for example, one or more processors and one or more memories. At least part of the function of each unit in the information processing device 100 can be realized by the processor executing instructions read from the memory.
  • The information processing device 100 corresponds to the information processing device 10 shown in FIG. 1.
  • The information processing device 100 may also be called a risk visualization device.
  • The attack information DB 120, countermeasure information DB 130, and aggregated information DB 140 only need to be accessible from the information processing device 100; these DBs do not necessarily need to be part of the information processing device 100.
  • At least one of the attack information DB 120, countermeasure information DB 130, and aggregated information DB 140 may be located in the cloud.
  • The information processing device 100 may access at least one of the attack information DB 120, countermeasure information DB 130, and aggregated information DB 140 via a network.
  • The collection unit 101 collects multiple risk analysis results 201, one from the risk analysis performed on each of the multiple systems.
  • The risk analysis results 201 include, for example, the risk value when an attack is carried out on each system, and information on the vulnerabilities used in the attack.
  • The risk analysis results 201 may be the result of a business damage-based risk analysis performed on the system being analyzed (hereinafter also referred to as a business damage-based risk analysis result).
  • Business damage-based risk analysis includes, for example, creating a virtual model from the configuration information of a system in a real environment, inputting information on the attack scenario to be analyzed, generating an attack route in accordance with the attack scenario, and calculating a risk value for the generated attack route.
  • The results of the business damage-based risk analysis indicate the result of assessing the risk when an attack is carried out along an attack route from an entry point included in the system being analyzed to the target of the attack.
  • The attack route includes one or more attack steps.
  • An attack step is the smallest unit of an attack route, and includes an attack source, an attack destination, and an attack method.
  • The attack method indicates the attack type of the attack step.
  • The attack method is also called an attack pattern.
  • The attack information may include information on the vulnerabilities used in the attack pattern.
  • The results of the business damage-based risk analysis include a risk value that evaluates the risk of each attack step and of the entire attack route when an attack is carried out along the attack route. The risk value is assessed on a five-level scale, for example from A to E.
  • The risk analysis result 201 may be the result of performing an asset-based risk analysis on the system being analyzed (hereinafter also referred to as the asset-based risk analysis result).
  • The asset-based risk analysis includes, for example, evaluating the risk of each of the assets constituting the system being analyzed using three evaluation indicators: its importance (value), the likelihood of occurrence of a predicted threat, and its vulnerability to the threat.
  • The asset-based risk analysis result indicates the result of the risk assessment for the assets that constitute the system being analyzed.
  • The asset-based risk analysis result includes a risk value that evaluates the risk when an attack is carried out against an asset using one or more assumed attack patterns.
  • The risk value is evaluated on a five-level scale, for example from A to E.
  • The risk analysis result 201 may include both a business damage-based risk analysis result and an asset-based risk analysis result for one system.
  • The collection unit 101 corresponds to the analysis result acquisition unit 11 shown in FIG. 1.
  • FIG. 3 shows the relationship between the multiple systems to be analyzed, the individual system administrators who manage each system, and the overall system administrator who manages the systems as a whole. For example, assume that a system is constructed for each of multiple departments in a company.
  • Systems 200-1 to 200-N shown in FIG. 3 are the systems on which risk analysis is performed. By performing risk analysis individually on each of systems 200-1 to 200-N, multiple risk analysis results 201 are obtained.
  • Each of the multiple individual system administrators is responsible for one of the multiple systems 200-1 to 200-N and manages the system he or she is responsible for.
  • The individual system administrators manage the asset information, vulnerability information, and system risks of the systems they are responsible for.
  • The number of systems an individual system administrator is responsible for is not limited to one; one individual system administrator may be in charge of multiple systems.
  • The overall system administrator manages the multiple systems 200-1 to 200-N as a whole.
  • The overall system administrator manages the system risks and vulnerabilities of all the systems. In general, the overall system administrator often does not have a full grasp of the asset details of each system.
  • The attack information DB 120 stores the attack steps, attack patterns, vulnerability information used in the attack patterns, and risk values for each attack route.
  • The countermeasure information DB 130 stores vulnerability information and countermeasure information.
  • The collection unit 101 registers the various information contained in the collected multiple risk analysis results 201 in the attack information DB 120.
  • The collection unit 101 also collects vulnerability information for each asset against attacks in each of the systems to be analyzed. Specifically, the collection unit 101 collects information such as vulnerability identification information and the attack patterns that may be used against the vulnerabilities possessed by the assets to be attacked.
  • The vulnerability identification information is, for example, a CVE (Common Vulnerabilities and Exposures) identifier.
  • The collection unit 101 also acquires information such as the Common Vulnerability Scoring System (CVSS) score, the presence or absence of PoC (Proof of Concept) code, and the presence or absence of damage cases.
  • The CVSS score, the presence or absence of PoC code, and the presence or absence of damage cases can be obtained from an external server or the like via a network such as the Internet.
  • The collection unit 101 registers the collected vulnerability information in the countermeasure information DB 130.
  • The common information aggregation unit 102 aggregates the risk analysis results 201 of the multiple systems 200-1 to 200-N (see FIG. 3) using a predetermined evaluation index, using information stored in the attack information DB 120 and information stored in the countermeasure information DB 130.
  • The common information aggregation unit 102 aggregates the multiple risk analysis results, for example, by counting the number of systems, attack routes, attack patterns, or vulnerabilities that meet predetermined conditions.
  • The common information aggregation unit 102 registers the aggregated information in the aggregated information DB 140.
  • The common information aggregation unit 102 corresponds to the aggregation unit 12 shown in FIG. 1.
  • The risk visualization unit 103 presents the risk analysis results aggregated by the common information aggregation unit 102 to the user.
  • The risk visualization unit 103 uses information stored in the countermeasure information DB 130 and the aggregated information DB 140 to display information such as what risks the systems as a whole contain on the screen of a display device. By looking at the display screen, the overall system administrator can learn what risks the systems as a whole contain.
  • The risk visualization unit 103 corresponds to the visualization unit 13 shown in FIG. 1.
  • The common information aggregation unit 102 aggregates the risk analysis results of multiple systems by counting the number of systems that meet predetermined conditions based on the risk value and the vulnerabilities used in the attack. For example, the common information aggregation unit 102 counts the number of systems that have attack routes related to a certain number of vulnerabilities with high risk levels. The common information aggregation unit 102 may classify the attack routes related to the vulnerabilities by their risk values and count the number of systems for each risk value. In addition, the common information aggregation unit 102 may count the number of systems according to whether the attack route exploiting the vulnerability has been addressed, is being addressed, or has not been addressed.
  • FIG. 4 shows an example of visualization in the first specific example.
  • The common information aggregation unit 102 identifies the risk level of each of the multiple vulnerabilities exploited in a predetermined number or more of the systems.
  • The common information aggregation unit 102 selects a predetermined number of vulnerabilities as dangerous vulnerabilities from among the multiple vulnerabilities in descending order of risk according to the risk level.
  • The common information aggregation unit 102 selects, for example, the top five vulnerabilities by CVSS score among those exploited in two or more systems as dangerous vulnerabilities.
  • The common information aggregation unit 102 counts, for each risk value, the number of systems having attack routes related to the vulnerabilities selected as dangerous vulnerabilities.
  • The common information aggregation unit 102 classifies each attack route as addressed, being addressed, or not addressed, and counts the number of systems for each classification.
  • The common information aggregation unit 102 registers the number of systems counted for each vulnerability and risk value in the aggregated information DB 140.
  • The risk visualization unit 103 acquires information from the aggregated information DB 140 and displays the table shown in FIG. 4. When displaying the table, the risk visualization unit 103 may color the vulnerability column according to the risk of the vulnerability. For example, the risk visualization unit 103 may classify the CVSS score of each vulnerability into a plurality of levels and display the vulnerability column in a color corresponding to the level. By referring to the table, the overall system administrator can see that for the combination of "CVE-XXX0", which has the highest risk level, and risk value "A", the number of addressed systems, i.e., systems for which measures against the attack route have already been implemented, is "0".
  • The overall system administrator can also see that for that combination the number of systems being addressed, i.e., systems for which measures are in progress, is "5", and the number of unaddressed systems is "10". Furthermore, the overall system administrator can see that for the combination of "CVE-XXX0" with the second highest risk level and risk value "B", the number of unaddressed systems is "1".
  • Without such a table, the responsible operator, such as the individual system administrator shown in FIG. 3, would need to address vulnerabilities on a system-by-system basis. Furthermore, if costs are limited, the overall system administrator would need to interview the individual system administrators about the status of each system and consider the priority of the measures. In contrast, in the first specific example, the overall system administrator can plan to implement measures in order, starting with the systems that have attack routes related to highly dangerous vulnerabilities and a high risk value if attacked. In this way, by referring to the table shown in FIG. 4, the system administrator can understand the order in which measures against dangerous vulnerabilities should be taken to reduce the risk to the systems as a whole.
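As an added worked example (this is not code from the patent or from NEC), the following Python carries out the first specific example's aggregation on constructed risk analysis results: vulnerabilities exploited in two or more systems are ranked by CVSS score and the top five are kept as dangerous vulnerabilities; for each of them the number of distinct systems is counted per risk value and per countermeasure status, which is the content of the FIG. 4 table; and the unaddressed cells are listed in the order the administrator would plan measures. The CVE identifiers follow the page's "CVE-XXX0" placeholder pattern, the CVSS scores are made up, and the `AttackRoute` record and the three status labels are assumptions of this example rather than the patent's data model.

```python
from collections import defaultdict
from dataclasses import dataclass

RISK_LEVELS = "ABCDE"  # five-level scale from the page; "A" is the highest risk
STATUSES = ("addressed", "in_progress", "unaddressed")  # assumed labels for the three columns of FIG. 4


@dataclass(frozen=True)
class AttackRoute:
    """One attack route taken from a system's risk analysis result (constructed record, not the patent's schema)."""
    system: str
    risk_value: str              # "A" .. "E"
    vulnerabilities: frozenset   # CVE ids exploited along the route
    status: str                  # one of STATUSES


# Constructed CVSS scores per vulnerability, standing in for what the collection unit fetches (values are made up).
CVSS = {"CVE-XXX0": 9.8, "CVE-XXX1": 8.1, "CVE-XXX2": 7.5, "CVE-XXX3": 5.3, "CVE-XXX4": 4.0}

# Constructed risk analysis results for four systems.
ROUTES = [
    AttackRoute("sys1", "A", frozenset({"CVE-XXX0"}), "unaddressed"),
    AttackRoute("sys1", "B", frozenset({"CVE-XXX1", "CVE-XXX3"}), "in_progress"),
    AttackRoute("sys2", "A", frozenset({"CVE-XXX0", "CVE-XXX2"}), "in_progress"),
    AttackRoute("sys2", "C", frozenset({"CVE-XXX4"}), "unaddressed"),
    AttackRoute("sys3", "A", frozenset({"CVE-XXX0"}), "unaddressed"),
    AttackRoute("sys3", "B", frozenset({"CVE-XXX1"}), "addressed"),
    AttackRoute("sys4", "D", frozenset({"CVE-XXX2"}), "unaddressed"),
]


def select_dangerous_vulnerabilities(routes, cvss, min_systems=2, top_n=5):
    """Vulnerabilities exploited in at least `min_systems` systems, in descending CVSS order, `top_n` kept."""
    systems_per_vuln = defaultdict(set)
    for r in routes:
        for v in r.vulnerabilities:
            systems_per_vuln[v].add(r.system)
    candidates = [v for v, systems in systems_per_vuln.items() if len(systems) >= min_systems]
    candidates.sort(key=lambda v: (-cvss.get(v, 0.0), v))  # unknown score ranks last; the id breaks ties
    return candidates[:top_n]


def count_systems(routes, dangerous):
    """table[vuln][risk_value][status] = number of distinct systems, i.e. the FIG. 4 table."""
    systems = defaultdict(set)
    wanted = set(dangerous)
    for r in routes:
        for v in r.vulnerabilities & wanted:
            systems[(v, r.risk_value, r.status)].add(r.system)
    table = {v: {lvl: {st: 0 for st in STATUSES} for lvl in RISK_LEVELS} for v in dangerous}
    for (v, lvl, st), names in systems.items():
        table[v][lvl][st] = len(names)
    return table


def remediation_order(table):
    """Unaddressed cells in planning order: most dangerous vulnerability first, then highest risk value first."""
    return [(v, lvl, table[v][lvl]["unaddressed"])
            for v in table for lvl in RISK_LEVELS if table[v][lvl]["unaddressed"] > 0]


if __name__ == "__main__":
    dangerous = select_dangerous_vulnerabilities(ROUTES, CVSS)
    table = count_systems(ROUTES, dangerous)
    for v in dangerous:
        for lvl in RISK_LEVELS:
            if any(table[v][lvl].values()):
                print(v, lvl, table[v][lvl])
    print(remediation_order(table))
```

The counts are of distinct systems, not of attack routes: a system with several routes through the same vulnerability at the same risk value still appears once in the cell, which is what the table needs when the administrator is deciding which systems to contact first.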
  • The overall system administrator can select a combination of vulnerability and risk value for which the number of systems is counted in the table displayed in FIG. 4.
  • The risk visualization unit 103 may identify the systems related to the selected combination and send a notification to the individual system administrator in charge of each identified system. For example, the risk visualization unit 103 may identify a system counted under "Unaddressed" in the table shown in FIG. 4 as a system related to the selected combination.
  • The risk visualization unit 103 sends a notification to the individual system administrator in charge of the identified system. For example, if the combination of "CVE-XXX0" and risk value "A" is selected in the table shown in FIG. 4, the risk visualization unit 103 may send a notification to the individual system administrator in charge of each of the 10 unaddressed systems.
  • FIG. 5 shows an example of a notification sent to an individual system administrator.
  • The notification shown in FIG. 5 includes vulnerability information, related system information, and countermeasure information.
  • The vulnerability information includes the CVSS score of the vulnerability, the presence or absence of PoC code, and the presence or absence of damage cases.
  • The related system information includes information identifying an asset having the vulnerability in the system managed by the individual system administrator, such as the asset name, and the number of related attack routes. The related system information may differ for each individual system administrator to whom the notification is sent.
  • The countermeasure information indicates a general countermeasure against the vulnerability.
  • The countermeasure information includes countermeasure A, which is a permanent measure, and countermeasure B, which is a mitigation measure.
  • The risk visualization unit 103 may periodically send a notification to the individual system administrator for each combination.
  • FIG. 6 shows an example of visualization in the second specific example.
  • The common information aggregation unit 102 selects a predetermined number of vulnerabilities as dangerous vulnerabilities from among the multiple vulnerabilities in descending order of risk, as in the first specific example. Furthermore, the common information aggregation unit 102 selects a predetermined number of systems as high-risk systems from among the multiple systems in descending order of system risk value, based on the system risk value of each system.
  • The system risk value may be, for example, the maximum of the risk values of the multiple attack routes or multiple assets in each system. For example, the common information aggregation unit 102 selects five vulnerabilities as dangerous vulnerabilities and five systems as high-risk systems.
  • The common information aggregation unit 102 counts the number of assets that have the vulnerability for each selected vulnerability and for each selected system.
  • The common information aggregation unit 102 also counts the number of assets that have the selected vulnerability and are used in attacks.
  • The risk visualization unit 103 displays the ratio of assets used in attacks to assets having the dangerous vulnerability. For example, if the number of assets that have the vulnerability "CVE-XXX0" in system 1 is "10" and the number of those assets used in attacks is "3", the risk visualization unit 103 displays "3/10" for the combination of vulnerability "CVE-XXX0" and system 1. Instead of displaying the ratio, the risk visualization unit 103 may simply display the number of assets used in attacks.
  • The common information aggregation unit 102 may count the number of attack routes related to the vulnerability for each selected vulnerability and for each selected system. The common information aggregation unit 102 may also count the total number of attack routes for each system. In this case, the risk visualization unit 103 may display, for each system, the ratio of the number of attack routes using dangerous vulnerabilities to the total number of attack routes. Instead of displaying the ratio, the risk visualization unit 103 may simply display the number of attack routes using dangerous vulnerabilities. The risk visualization unit 103 may display the counted value in a color corresponding to the maximum risk value of the assets having a dangerous vulnerability or the maximum risk value of the attack routes using a dangerous vulnerability. The risk visualization unit 103 may also change the color of the vulnerability column in the table shown in FIG. 6 according to the risk level of the vulnerability.
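As an added example (not the patent's or NEC's code), the following Python builds the FIG. 6 cells on constructed data: the system risk value is taken as the highest risk value among a system's attack routes, the high-risk systems are ranked on it, and each cell is the pair (assets used in attacks, assets having the vulnerability) that the page renders as "3/10", with the attack-route ratio of the last paragraph as the alternative cell. The dangerous vulnerabilities are assumed to have been selected as in the first specific example and are given as a constant; the asset inventory, route records and host names are constructed.

```python
from collections import defaultdict

RISK_ORDER = {"A": 5, "B": 4, "C": 3, "D": 2, "E": 1}  # "A" is the highest risk on the page's five-level scale

# Dangerous vulnerabilities, assumed to have been selected as in the first specific example.
DANGEROUS = ["CVE-XXX0", "CVE-XXX1"]

# Constructed asset inventory: system -> {asset name: set of CVE ids the asset has}.
ASSETS = {
    "sys1": {"hostA": {"CVE-XXX0"}, "hostB": {"CVE-XXX0"}, "hostC": {"CVE-XXX0", "CVE-XXX1"}, "hostD": {"CVE-XXX1"}},
    "sys2": {"hostE": {"CVE-XXX0"}, "hostF": {"CVE-XXX1"}},
    "sys3": {"hostG": {"CVE-XXX1"}, "hostH": {"CVE-XXX0"}},
}

# Constructed attack routes: (system, route risk value, [(asset, vulnerability exploited at that step), ...]).
ROUTES = [
    ("sys1", "A", [("hostA", "CVE-XXX0"), ("hostC", "CVE-XXX1")]),
    ("sys1", "B", [("hostB", "CVE-XXX0")]),
    ("sys2", "C", [("hostE", "CVE-XXX0")]),
    ("sys3", "B", [("hostG", "CVE-XXX1")]),
]


def system_risk_values(routes):
    """System risk value = the highest risk value among the system's attack routes."""
    best = {}
    for system, risk, _ in routes:
        if system not in best or RISK_ORDER[risk] > RISK_ORDER[best[system]]:
            best[system] = risk
    return best


def select_high_risk_systems(routes, top_n=5):
    """Systems in descending order of system risk value (the name breaks ties), `top_n` kept."""
    risks = system_risk_values(routes)
    return sorted(risks, key=lambda s: (-RISK_ORDER[risks[s]], s))[:top_n]


def asset_ratio_table(assets, routes, dangerous, systems):
    """table[vuln][system] = (assets used in attacks, assets having the vulnerability): one FIG. 6 cell."""
    used = defaultdict(set)
    for system, _, steps in routes:
        for asset, vuln in steps:
            used[(system, vuln)].add(asset)
    table = {}
    for v in dangerous:
        table[v] = {}
        for s in systems:
            having = {a for a, vulns in assets.get(s, {}).items() if v in vulns}
            table[v][s] = (len(used[(s, v)] & having), len(having))
    return table


def route_ratio(routes, dangerous, systems):
    """(routes using any dangerous vulnerability, total routes) per system: the alternative cell."""
    out = {}
    for s in systems:
        mine = [steps for system, _, steps in routes if system == s]
        using = [steps for steps in mine if any(v in dangerous for _, v in steps)]
        out[s] = (len(using), len(mine))
    return out


def format_cell(cell):
    """Render a (used, having) pair the way the page shows it, e.g. "3/10"."""
    used, having = cell
    return f"{used}/{having}"


if __name__ == "__main__":
    systems = select_high_risk_systems(ROUTES)
    table = asset_ratio_table(ASSETS, ROUTES, DANGEROUS, systems)
    for v in DANGEROUS:
        print(v, {s: format_cell(table[v][s]) for s in systems})
    print(route_ratio(ROUTES, DANGEROUS, systems))
```

A cell such as "0/1" (the vulnerability is present but no analysed route uses it) is the case worth noticing: it shows where a dangerous vulnerability is currently unreachable by the modelled attack scenarios, which is different from the vulnerability being absent.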
  • The overall system administrator can select a combination of a vulnerability and a system in the table displayed in FIG. 6.
  • The risk visualization unit 103 may send a notification including information about the selected vulnerability to the individual system administrator in charge of the selected system.
  • The risk visualization unit 103 sends a notification similar to the one shown in FIG. 5 to the individual system administrator in charge of the selected system.
  • The related system information in the sent notification may include, for example, the number of attack routes that go through host A and the number of attack routes that go through host A and use the selected vulnerability.
  • The risk visualization unit 103 may periodically send a notification to the individual system administrator for each combination.
  • The overall system administrator can refer to the table shown in FIG. 6 to plan measures in order, starting with the systems that have high-risk vulnerabilities and pose the highest risk.
  • When measures are implemented for a high-risk system, the risk value of that system decreases, and as a result the ranking of the high-risk systems changes.
  • The overall system administrator can then again plan measures in order, starting with the systems that have high-risk vulnerabilities and pose the highest risk.
  • FIG. 7 shows an example of visualization in the third specific example.
  • The common information aggregation unit 102 identifies the high-risk systems and counts the number of attack routes for each risk value of the attack route and for each high-risk system.
  • The method of identifying high-risk systems may be the same as in the second specific example.
  • The common information aggregation unit 102 counts, for system 1, the number of attack routes with risk value "A", the number with risk value "B", the number with risk value "C", the number with risk value "D", and the number with risk value "E".
  • The common information aggregation unit 102 also counts the number of attack routes for each risk value for the other systems.
  • The risk visualization unit 103 displays the number of attack routes for each risk value of the attack route and for each high-risk system.
  • The risk visualization unit 103 may display the average number of attack routes in the high-risk systems for each risk value of the attack route. Furthermore, when the number of attack routes in a system is equal to or greater than the average number of attack routes, the risk visualization unit 103 may highlight that number. For example, the risk visualization unit 103 may display a number equal to or greater than the average in a predetermined color such as red, or with a predetermined background color. Instead of the average number of attack routes, a predetermined threshold may be used.
  • The overall system administrator can grasp the number of attack routes in a list for each high-risk system and for each risk value. Therefore, the overall system administrator can easily compare the number of attack routes between systems and across risk values. Even without knowledge of the individual systems, he or she can therefore easily grasp which of all the systems are at risk and which need countermeasures.
  • The risk visualization unit 103 may visualize the number of attack routes counted for each risk value and for each high-risk system using a bar graph or radar chart.
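As an added example (not code from the patent or from NEC), the following Python produces the FIG. 7 table on constructed route data: attack routes are counted per high-risk system and per risk value, the per-level average over the high-risk systems is computed, and the cells at or above the average (or at or above a fixed threshold, the page's alternative) are marked, with a plain-text rendering standing in for the coloured display. The set of high-risk systems is assumed to have been selected as in the second specific example; the route records are constructed. Empty cells are deliberately never highlighted, since a zero count is trivially "at or above" a zero average.

```python
RISK_LEVELS = "ABCDE"  # "A" is the highest risk

# Constructed: (high-risk system, risk value of one of its attack routes).
ROUTE_RISKS = [
    ("sys1", "A"), ("sys1", "A"), ("sys1", "B"), ("sys1", "C"),
    ("sys2", "A"), ("sys2", "C"), ("sys2", "C"), ("sys2", "E"),
    ("sys3", "B"), ("sys3", "D"),
]
HIGH_RISK_SYSTEMS = ["sys1", "sys2", "sys3"]  # assumed selected as in the second specific example


def count_routes(route_risks, systems):
    """counts[system][risk_value] = number of attack routes (the FIG. 7 table)."""
    counts = {s: {lvl: 0 for lvl in RISK_LEVELS} for s in systems}
    for s, lvl in route_risks:
        if s in counts:  # routes of systems outside the high-risk set are ignored
            counts[s][lvl] += 1
    return counts


def average_per_level(counts):
    """Average number of attack routes over the high-risk systems, per risk value."""
    n = len(counts)
    return {lvl: sum(row[lvl] for row in counts.values()) / n for lvl in RISK_LEVELS}


def cells_to_highlight(counts, threshold=None):
    """(system, risk value) cells at or above the per-level average, or at or above a fixed threshold
    when one is given. Empty cells are never highlighted."""
    limits = average_per_level(counts) if threshold is None else {lvl: threshold for lvl in RISK_LEVELS}
    return {(s, lvl) for s, row in counts.items() for lvl, n in row.items() if n > 0 and n >= limits[lvl]}


def render(counts):
    """Plain-text table; a trailing '*' marks a highlighted cell (a colour in the patent's display)."""
    marks = cells_to_highlight(counts)
    lines = ["system  " + "  ".join(f"{lvl:>3}" for lvl in RISK_LEVELS)]
    for s, row in counts.items():
        cells = "  ".join(f"{row[lvl]:>2}{'*' if (s, lvl) in marks else ' '}" for lvl in RISK_LEVELS)
        lines.append(f"{s:<6}  {cells}")
    avg = average_per_level(counts)
    lines.append("avg     " + "  ".join(f"{avg[lvl]:>3.1f}" for lvl in RISK_LEVELS))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(count_routes(ROUTE_RISKS, HIGH_RISK_SYSTEMS)))
```

The average is taken only over the high-risk systems, as the page states; including every analysed system would lower the average and highlight far more cells, so the choice of population changes what the administrator is told to look at.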
  • The overall system administrator can select a combination of risk value and system in the table displayed in FIG. 7.
  • The risk visualization unit 103 may send a notification including information on the attack routes with the selected risk value to the individual system administrator in charge of the selected system. For example, if the combination of risk value "A" and system 1 is selected in the table shown in FIG. 7, the risk visualization unit 103 may send a notification including information on the attack routes with risk value "A" to the individual system administrator in charge of system 1.
  • FIG. 8 shows an example of a notification sent to an individual system administrator.
  • The notification shown in FIG. 8 includes attack route information and information on the vulnerability used.
  • The attack route information includes the asset that is the starting point of the attack, the asset that is the final target of the attack, the assets along the way from the starting point to the final target, and information on the attack pattern used in the attack.
  • The vulnerability information includes the asset having the vulnerability, information identifying the vulnerability, and the number of related attack routes.
  • The notification sent to the individual system administrator may include countermeasure information, i.e., information indicating a general countermeasure against the vulnerability.
  • The risk visualization unit 103 may also periodically send notifications to the individual system administrator for each combination, instead of or in addition to sending a notification when the overall system administrator selects a combination.
  • FIG. 9 shows an example of visualization in the fourth specific example.
  • a bar graph is used to visualize the number of attack routes.
  • the common information aggregation unit 102 counts the number of attack routes for each risk value of the attack route and for each high-risk system. Furthermore, in the fourth specific example, the common information aggregation unit 102 checks the countermeasure multiplicity for each attack route. The countermeasure multiplicity indicates the number of countermeasures implemented for one attack route. For each risk value, the common information aggregation unit 102 counts the number of attack routes with a countermeasure multiplicity equal to or greater than a predetermined number, and the number of attack routes with a countermeasure multiplicity less than a predetermined number.
  • the common information aggregation unit 102 counts the number of attack routes with a countermeasure multiplicity of 3 or more and the number of attack routes with a countermeasure multiplicity of 2 or less for each risk value.
  • the risk visualization unit 103 visualizes the number of attack routes for systems A-C in a bar graph according to the risk value of the attack route and the number of countermeasure multiplicities.
  • "A3-" represents an attack route with a risk value of "A" and a countermeasure multiplicity of 3 or more.
  • "A-2" represents an attack route with a risk value of "A" and a countermeasure multiplicity of 2 or less.
  • the risk visualization unit 103 may display the average number of attack routes in a bar graph.
  • the overall system administrator can recognize a system in which the number of attack routes exceeds the average value as a high-risk system, and can prioritize planning countermeasures for that system.
  • the risk visualization unit 103 may weight the number of attack routes with a weight according to the risk value, and change the length of each block in the bar graph according to the weight. For example, the higher the risk value, the longer the length of the block per "1" attack route. In this case, the higher the number of attack routes with a high risk value, the higher the height of the bar graph.
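The per-system, per-risk-value counting of the third and fourth specific examples, the multiplicity split of FIG. 9, the average comparison and the risk-value weighting, as an added Python example that is not code from the patent or from its applicant. The route records, system names and the numeric weights per risk value are constructed assumptions; the page only says that higher risk values get longer blocks.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input (not data from the page): one record per attack
# route reported by a system's risk analysis. Field names are assumptions.
@dataclass(frozen=True)
class AttackRoute:
    system: str
    risk_value: str       # "A" (highest) .. "C" (lowest)
    countermeasures: int  # countermeasure multiplicity of this route

ROUTES = [
    AttackRoute("sys1", "A", 3), AttackRoute("sys1", "A", 1),
    AttackRoute("sys1", "B", 0), AttackRoute("sys2", "A", 4),
    AttackRoute("sys2", "C", 2), AttackRoute("sys3", "B", 1),
    AttackRoute("sys3", "B", 3), AttackRoute("sys3", "C", 0),
]

RISK_VALUES = ("A", "B", "C")
# Assumed weights: how much bar length one route contributes per risk value.
RISK_WEIGHTS = {"A": 3, "B": 2, "C": 1}


def count_by_risk(routes):
    """FIG. 7 style table: {system: {risk_value: number of attack routes}}."""
    counts = defaultdict(lambda: {rv: 0 for rv in RISK_VALUES})
    for r in routes:
        counts[r.system][r.risk_value] += 1
    return dict(counts)


def count_by_risk_and_multiplicity(routes, threshold=3):
    """FIG. 9 style buckets: {system: {"A3-": n, "A-2": n, "B3-": n, ...}}.

    "<risk>3-" counts routes with countermeasure multiplicity >= threshold,
    "<risk>-2" counts routes below it (labels follow FIG. 9 for threshold 3).
    """
    hi, lo = f"{threshold}-", f"-{threshold - 1}"
    counts = {
        s: {f"{rv}{suffix}": 0 for rv in RISK_VALUES for suffix in (hi, lo)}
        for s in sorted({r.system for r in routes})
    }
    for r in routes:
        suffix = hi if r.countermeasures >= threshold else lo
        counts[r.system][f"{r.risk_value}{suffix}"] += 1
    return counts


def weighted_bar_length(per_risk_counts, weights=RISK_WEIGHTS):
    """Bar height when every route is stretched by its risk-value weight."""
    return sum(weights[rv] * n for rv, n in per_risk_counts.items())


def systems_above_average(routes, weights=None):
    """Systems whose (optionally weighted) route count exceeds the mean over
    all systems, i.e. the ones the overall administrator would flag first."""
    per_system = count_by_risk(routes)
    totals = {
        s: weighted_bar_length(c, weights) if weights else sum(c.values())
        for s, c in per_system.items()
    }
    average = sum(totals.values()) / len(totals)
    return sorted(s for s, t in totals.items() if t > average)


if __name__ == "__main__":
    for system, buckets in count_by_risk_and_multiplicity(ROUTES).items():
        print(system, buckets)
    print("above average, unweighted:", systems_above_average(ROUTES))
    print("above average, weighted:", systems_above_average(ROUTES, RISK_WEIGHTS))
```

With the sample data the unweighted comparison flags sys1 and sys3, while weighting by risk value flags only sys1, which is the effect the weighting is meant to have.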
  • FIG. 10 shows an example of visualization in the fifth specific example.
  • a radar chart is used to visualize the number of attack routes.
  • the common information aggregation unit 102 counts the number of attack routes for each risk value of the attack route and for each high-risk system.
  • the risk visualization unit 103 visualizes the number of attack routes for systems 1-3 in a radar chart according to the risk value of the attack route.
  • the risk visualization unit 103 may display the average number of attack routes for each risk value in a radar chart. In this case, the risk visualization unit 103 may highlight the number of attack routes that exceed the average value in red, for example.
  • the overall system administrator can recognize a system in which the number of attack routes exceeds the average value as a high-risk system, and can prioritize planning countermeasures for that system.
  • the risk visualization unit 103 may also weight the number of attack routes with a weight according to the risk value.
  • FIG. 11 shows an example of visualization in the sixth specific example.
  • the common information aggregation unit 102 extracts the attack patterns used in the attack routes from the risk analysis results of all systems.
  • the common information aggregation unit 102 identifies the vulnerability most used by each of the extracted attack patterns from the risk analysis results.
  • the common information aggregation unit 102 counts the number of exploits of each attack pattern, i.e., the number of times each attack pattern was used, in the attack routes of all systems. If the risk analysis results include the amount of damage, the common information aggregation unit 102 obtains the maximum amount of damage from the risk analysis results. Instead of or in addition to the amount of damage, the common information aggregation unit 102 may obtain the number of news articles, the number of cases, or the number of PoCs related to the vulnerability.
  • the risk visualization unit 103 displays the attack patterns used in the attack routes, the vulnerabilities used, the number of exploits in the attack routes, and the amount of damage. In the number of exploits in the attack route field, the number in parentheses indicates the total number of attack patterns.
  • the risk visualization unit 103 may sort the attack patterns, for example, by the number of exploits in the attack route, and display the attack patterns with the most exploits in the attack routes at the top. By referring to the table shown in FIG. 11, the overall system administrator can know which attack patterns should be countered across multiple systems. When countermeasures are implemented for attack patterns with a high number of exploits in the attack routes, countermeasures are implemented for many attack routes. This allows the overall system administrator to plan efficient countermeasures.
  • the overall system administrator can select an attack pattern in the table displayed in FIG. 11.
  • the risk visualization unit 103 may identify systems in which the selected attack pattern is used in the attack route, and send a notification including information about the attack pattern to the individual system administrator in charge of the identified system.
  • the information about the attack pattern includes, for example, information about vulnerabilities used by the selected attack pattern, and countermeasure information.
  • the vulnerability information may be the same as the vulnerability information included in the notification shown in FIG. 5.
  • the countermeasure information may be the same as the countermeasure information included in the notification shown in FIG. 5.
  • FIG. 12 shows an example of visualization in the seventh specific example.
  • the common information aggregation unit 102 extracts the attack patterns used in the attack routes from the risk analysis results of all systems.
  • the common information aggregation unit 102 identifies attack routes related to the attack patterns and counts the number of identified attack routes.
  • the common information aggregation unit 102 also obtains risk values for the identified attack routes, and obtains a maximum risk value and an average risk value.
  • the common information aggregation unit 102 also obtains countermeasures against the attack patterns.
  • the risk visualization unit 103 displays the attack patterns used in the attack routes, the number of associated attack routes, the maximum risk value, the average risk value, and the countermeasures.
  • the risk visualization unit 103 may sort the attack patterns, for example, by the number of attack routes, and display the attack patterns with the largest number of associated attack routes at the top. Alternatively, the risk visualization unit 103 may display a ranking of countermeasures that are effective for the entire system at the top.
  • the risk visualization unit 103 may allow the overall system administrator to select a countermeasure from a pull-down menu, and display information about the attack patterns related to the selected countermeasure.
  • the overall system administrator can understand attack patterns that have a large number of associated attack routes across multiple systems and will have a large impact if exploited. This allows the overall system administrator to efficiently consider countermeasures for the entire system. In other words, when there are vulnerabilities in various systems, the overall system administrator can efficiently consider what countermeasures should be implemented overall to reduce risk.
  • the overall system administrator can select an attack pattern in the table displayed in FIG. 12.
  • the risk visualization unit 103 may identify systems in which the selected attack pattern is used in an attack route, and send a notification including information about the attack pattern to the individual system administrator in charge of the identified system.
  • the information about the attack pattern includes, for example, information about the attack route related to the selected attack pattern, information about vulnerabilities used, and countermeasure information.
  • the attack route information may be the same as the attack route information included in the notification shown in FIG. 8.
  • the vulnerability information may be the same as the vulnerability information included in the notification shown in FIG. 8.
  • the countermeasure information may be the same as the countermeasure information included in the notification shown in FIG. 5.
  • FIG. 13 shows an example of visualization in the eighth specific example.
  • the common information aggregation unit 102 extracts vulnerabilities that can be exploited in attacks from the risk analysis results of all systems.
  • the common information aggregation unit 102 identifies attack routes in which vulnerabilities appear, i.e., attack routes in which vulnerabilities are exploited, and counts the number of identified attack routes.
  • the common information aggregation unit 102 also obtains the maximum risk value of the identified attack routes.
  • the common information aggregation unit 102 obtains the presence or absence of exploitation cases, the presence or absence of attack code, the presence or absence of verification code, and the CVSS score.
  • These various pieces of information on vulnerabilities may be obtainable from an external server, for example, via the Internet.
  • the risk visualization unit 103 displays the vulnerability to be exploited, whether or not the vulnerability has been exploited, the maximum risk value in the attack route, whether or not there is attack code, whether or not there is verification code, the CVSS score, and the number of times the vulnerability appears in the attack route.
  • the overall system administrator can grasp the vulnerabilities that are at high risk of being exploited across multiple systems. This allows the overall system administrator to efficiently consider countermeasures for the entire system.
  • the overall system administrator can select a vulnerability in the table displayed in FIG. 13.
  • the risk visualization unit 103 may identify a system having an attack route in which the selected vulnerability appears, and send a notification including information about the vulnerability to the individual system administrator in charge of the identified system.
  • the information about the vulnerability includes, for example, information about the related system and countermeasure information.
  • the information about the related system may be the same as the information about the related system shown in FIG. 5.
  • the countermeasure information may be the same as the countermeasure information included in the notification shown in FIG. 5.
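The cross-system tables of the sixth, seventh and eighth specific examples (exploit count and most-used vulnerability per attack pattern, maximum and average risk per pattern, route count and maximum risk per vulnerability) and the lookup of which system administrators to notify, as one added Python example that is not code from the patent or from its applicant. The attack routes, step fields, pattern names, vulnerability labels and the numeric risk scores behind "A", "B", "C" are constructed assumptions; the externally sourced fields of FIG. 13 (exploitation cases, attack code, CVSS score) are omitted.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean

# Constructed sample input (not data from the page). An attack route is a
# chain of attack steps; each step names the source and destination asset,
# the attack pattern used and the vulnerability it exploits.
@dataclass(frozen=True)
class AttackStep:
    src: str
    dst: str
    pattern: str
    vulnerability: str

@dataclass(frozen=True)
class AttackRoute:
    system: str
    risk_value: str   # "A" highest .. "C" lowest
    steps: tuple

ROUTES = (
    AttackRoute("sys1", "A", (AttackStep("pc1", "srv1", "P1", "VULN-X"),
                              AttackStep("srv1", "plc1", "P2", "VULN-Y"))),
    AttackRoute("sys1", "B", (AttackStep("pc1", "srv2", "P1", "VULN-X"),)),
    AttackRoute("sys2", "A", (AttackStep("hmi", "plc2", "P2", "VULN-Y"),)),
    AttackRoute("sys2", "C", (AttackStep("pc2", "srv3", "P1", "VULN-Z"),)),
    AttackRoute("sys3", "B", (AttackStep("pc3", "srv4", "P3", "VULN-W"),
                              AttackStep("srv4", "srv5", "P1", "VULN-X"))),
)

RISK_SCORE = {"A": 3, "B": 2, "C": 1}  # assumed mapping for max/average


def attack_pattern_table(routes):
    """FIG. 11 / FIG. 12 style rows keyed by attack pattern, most exploited
    first. Exploits count every step using the pattern; routes count each
    route once even if the pattern appears in several of its steps."""
    exploits, vulns = Counter(), defaultdict(Counter)
    related, risks, systems = defaultdict(set), defaultdict(list), defaultdict(set)
    for idx, route in enumerate(routes):
        seen = set()
        for step in route.steps:
            exploits[step.pattern] += 1
            vulns[step.pattern][step.vulnerability] += 1
            if step.pattern not in seen:
                seen.add(step.pattern)
                related[step.pattern].add(idx)
                risks[step.pattern].append(RISK_SCORE[route.risk_value])
                systems[step.pattern].add(route.system)
    table = {
        p: {
            "exploits": exploits[p],
            "routes": len(related[p]),
            "most_used_vuln": vulns[p].most_common(1)[0][0],
            "max_risk": max(risks[p]),
            "avg_risk": round(mean(risks[p]), 2),
            "systems": sorted(systems[p]),
        }
        for p in exploits
    }
    return dict(sorted(table.items(), key=lambda kv: -kv[1]["exploits"]))


def vulnerability_table(routes):
    """FIG. 13 style rows: number of routes in which each vulnerability
    appears, the maximum risk among them and the systems affected."""
    table = {}
    for route in routes:
        for v in {s.vulnerability for s in route.steps}:
            row = table.setdefault(v, {"routes": 0, "max_risk": 0, "systems": set()})
            row["routes"] += 1
            row["max_risk"] = max(row["max_risk"], RISK_SCORE[route.risk_value])
            row["systems"].add(route.system)
    return dict(sorted(table.items(), key=lambda kv: -kv[1]["routes"]))


def notification_targets(routes, pattern):
    """Systems whose individual administrators are notified when the overall
    administrator selects `pattern` in the table (empty if unknown)."""
    return attack_pattern_table(routes).get(pattern, {}).get("systems", [])


if __name__ == "__main__":
    for pattern, row in attack_pattern_table(ROUTES).items():
        print(pattern, row)
    for vuln, row in vulnerability_table(ROUTES).items():
        print(vuln, row)
    print("notify for P2:", notification_targets(ROUTES, "P2"))
```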
  • FIG. 14 shows the operation procedure of the information processing device 100.
  • the operation procedure of the information processing device 100 is also called a risk visualization method.
  • the collection unit 101 collects multiple risk analysis results 201 performed on multiple systems 200-1 to 200-N (see FIG. 3) (step S1).
  • the collection unit 101 registers information about attacks obtained from the multiple risk analysis results 201 in the attack information DB 120.
  • the collection unit 101 also registers information about countermeasures obtained from the risk analysis results 201 in the countermeasure information DB 130.
  • the common information aggregation unit 102 aggregates multiple risk analysis results, for example by aggregating information common to multiple systems, based on the information on attacks registered in the attack information DB 120 and the information on countermeasures registered in the countermeasure information DB 130 (step S2).
  • the common information aggregation unit 102 aggregates multiple risk analysis results, for example, from the perspective of systems, attack routes, attack steps, or vulnerabilities.
  • the common information aggregation unit 102 registers the aggregated information in the aggregated information DB 140.
  • the risk visualization unit 103 reads the registered information from the aggregated information DB 140 and visualizes the risks present in the multiple systems based on the read information (step S3).
  • the risk visualization unit 103 visualizes the risks contained in the multiple systems as a whole, for example, using the visualization methods of the first to eighth specific examples described above.
  • the common information aggregation unit 102 aggregates multiple risk analysis results from a predetermined perspective, and the risk visualization unit 103 displays the aggregated risk analysis results. For example, the common information aggregation unit 102 aggregates multiple risk analysis results to count the number of systems related to a specific vulnerability, the number of assets related to a specific vulnerability in multiple systems, or the number of attack routes, or the number of attack routes for each risk value.
  • the risk visualization unit 103 provides the information aggregated across multiple systems to the overall system administrator. By using the information provided by the risk visualization unit 103, the overall system administrator can easily grasp the risk of multiple systems as a whole. In addition, the overall system administrator can consider the priority order of countermeasures, etc.
  • the risk visualization unit 103 can send a notification related to the selected information to the individual system administrator.
  • the individual system administrator can analyze threats contained in the system for which he is responsible by referring to the information contained in the notification. Furthermore, the individual system administrator can plan countermeasures against threats.
  • FIG. 15 shows an information processing device according to the second embodiment of the present disclosure.
  • the information processing device 100a according to this embodiment has a countermeasure cost DB 150 in addition to the configuration of the information processing device 100 described in the first embodiment shown in FIG. 2.
  • the countermeasure cost DB 150 stores the cost or expense when a countermeasure is introduced for each of a plurality of countermeasures that can be introduced into a plurality of systems.
  • the countermeasure cost DB 150 is also called a countermeasure cost information storage unit.
  • FIG. 16 shows an example of information stored in countermeasure cost DB 150.
  • countermeasure cost DB 150 stores countermeasure costs of "10k" and "1M" for countermeasure 0 and countermeasure 1, respectively.
  • the unit of countermeasure cost may be a currency unit, such as Japanese yen.
  • countermeasure cost DB 150 may further store the discount rate and the number of units to which the discount is reflected.
  • countermeasure cost DB 150 stores information indicating that a 10% discount is applied to countermeasure 1 when 20 units are introduced at once.
  • the common information aggregation unit 102 aggregates information about multiple systems for each countermeasure that may be introduced based on the risk analysis results for the multiple systems.
  • the risk visualization unit 103 visualizes the aggregated countermeasure information. In visualizing the aggregated countermeasure information, the risk visualization unit 103 obtains the countermeasure cost from the countermeasure cost DB 150 and displays the cost if the countermeasure is introduced. In addition to the countermeasure cost, the risk visualization unit 103 may also display the number to which a volume discount is applied and the discount rate.
  • FIG. 17 shows a specific example of visualization in this embodiment.
  • the common information aggregation unit 102 aggregates, for example, for each countermeasure that can be introduced, the number of attack patterns that can be countered, the number of systems to which the countermeasure will be introduced, and the number of countermeasure locations.
  • the risk visualization unit 103 displays the number of attack patterns that can be countered, the number of systems to which the countermeasure will be introduced, and the number of countermeasure locations.
  • the risk visualization unit 103 obtains the countermeasure cost of each countermeasure from the countermeasure cost DB 150, and displays the obtained countermeasure cost of each countermeasure.
  • the risk visualization unit 103 provides the overall system administrator with information on the number of attack patterns that can be countered, the number of systems to which the countermeasures will be introduced, the number of countermeasure locations, and the cost of the countermeasures.
  • the overall system administrator can know information such as how much the countermeasures will cost when countermeasures are introduced, how many attack patterns the countermeasures can be applied to, and how many systems the countermeasures can be applied to. Therefore, the overall system administrator can prioritize highly efficient countermeasures, taking into consideration the countermeasures cost, the number of attack patterns that can be countered, and the number of systems.
  • the overall system administrator can know the number of items to which the volume discount is applied and the discount rate, and can use such information when planning countermeasures.
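The countermeasure cost lookup of the second embodiment, including the volume discount of FIG. 16 and the cost-aware prioritization the overall administrator performs over the FIG. 17 columns, as an added Python example that is not code from the patent or from its applicant. The two unit costs and the 10 % discount at 20 units come from the text; the per-countermeasure counts of attack patterns, systems and locations, the efficiency key and the integer cost arithmetic are assumptions.

```python
from dataclasses import dataclass

# Countermeasure cost DB 150 as the text describes FIG. 16. Costs are kept
# as integers in an assumed currency unit so discounts round deterministically.
@dataclass(frozen=True)
class CountermeasureCost:
    unit_cost: int             # cost per introduced unit
    discount_percent: int = 0  # volume discount, e.g. 10 for 10 %
    discount_units: int = 0    # units that must be introduced at once to get it

# Aggregated information per countermeasure (FIG. 17 columns); counts assumed.
@dataclass(frozen=True)
class CountermeasureAggregate:
    name: str
    attack_patterns: int  # attack patterns the countermeasure can counter
    systems: int          # systems it would be introduced into
    locations: int        # countermeasure locations, i.e. units to introduce

COST_DB = {
    "countermeasure 0": CountermeasureCost(unit_cost=10_000),
    "countermeasure 1": CountermeasureCost(unit_cost=1_000_000,
                                           discount_percent=10, discount_units=20),
}

AGGREGATED = [
    CountermeasureAggregate("countermeasure 0", attack_patterns=2, systems=3, locations=15),
    CountermeasureAggregate("countermeasure 1", attack_patterns=5, systems=4, locations=20),
]


def discount_applies(cost, units):
    """The discount is granted only when the threshold is met in one introduction."""
    return bool(cost.discount_units) and units >= cost.discount_units


def total_cost(cost, units):
    """Cost of introducing `units` locations at once, discount included."""
    if units <= 0:
        return 0
    base = cost.unit_cost * units
    if discount_applies(cost, units):
        return base * (100 - cost.discount_percent) // 100
    return base


def cheaper_to_reach_discount(cost, units):
    """True when buying up to the discount threshold costs less than buying
    only `units`; a volume-discount edge the planner should notice."""
    if not cost.discount_units or units >= cost.discount_units:
        return False
    return total_cost(cost, cost.discount_units) < total_cost(cost, units)


def countermeasure_table(aggregates, cost_db):
    """FIG. 17 style rows plus cost, discount details and an efficiency key
    (attack patterns countered per unit of cost); most efficient first."""
    rows = []
    for a in aggregates:
        c = cost_db[a.name]
        cost = total_cost(c, a.locations)
        rows.append({
            "countermeasure": a.name,
            "attack_patterns": a.attack_patterns,
            "systems": a.systems,
            "locations": a.locations,
            "cost": cost,
            "discount_applied": discount_applies(c, a.locations),
            "discount_percent": c.discount_percent,
            "discount_units": c.discount_units,
            "patterns_per_cost": a.attack_patterns / cost if cost else float("inf"),
        })
    return sorted(rows, key=lambda r: -r["patterns_per_cost"])


if __name__ == "__main__":
    for row in countermeasure_table(AGGREGATED, COST_DB):
        print(row)
    cm1 = COST_DB["countermeasure 1"]
    print("19 units:", total_cost(cm1, 19), "20 units:", total_cost(cm1, 20))
```

With these figures 19 units of countermeasure 1 cost more than 20, which is exactly the kind of fact the displayed discount threshold lets the overall administrator see.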
  • FIG. 18 shows an example configuration of a computer device that can be used as the information processing device 100.
  • the computer device 500 has a control unit (CPU: Central Processing Unit) 510, a storage unit 520, a ROM (Read Only Memory) 530, a RAM (Random Access Memory) 540, a communication interface (IF: Interface) 550, and a user interface 560.
  • the control unit 501 is also called a processor.
  • the communication interface 550 is an interface for connecting the computer device 500 to a communication network via a wired communication means or a wireless communication means.
  • the user interface 560 includes a display unit such as a display.
  • the user interface 560 also includes an input unit such as a keyboard, a mouse, and a touch panel.
  • the storage unit 520 is an auxiliary storage device that can hold various types of data.
  • the storage unit 520 does not necessarily have to be a part of the computer device 500, and may be an external storage device or cloud storage connected to the computer device 500 via a network.
  • the storage unit 520 may be used, for example, as at least one of the attack information DB 120, countermeasure information DB 130, and aggregated information DB 140 shown in FIG. 2.
  • ROM 530 is a non-volatile storage device.
  • a semiconductor storage device with a relatively small capacity, such as a flash memory, is used for ROM 530.
  • Programs executed by CPU 510 can be stored in storage unit 520 or ROM 530.
  • Storage unit 520 or ROM 530 stores various programs for implementing the functions of each unit in information processing device 100, for example.
  • the program includes instructions (or software code) that, when loaded into a computer, causes the computer to perform one or more functions described in the embodiments.
  • the program may be stored on a non-transitory computer-readable medium or a tangible storage medium.
  • computer-readable media or tangible storage media include RAM, ROM, flash memory, solid-state drive (SSD) or other memory technology, Compact Disc (CD), digital versatile disc (DVD), Blu-ray (registered trademark) disc or other optical disk storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices.
  • the program may be transmitted on a transitory computer-readable medium or a communication medium.
  • transitory computer-readable media or communication media include electrical, optical, acoustic, or other forms of propagated signals.
  • RAM 540 is a volatile storage device. Various semiconductor memory devices such as DRAM (Dynamic Random Access Memory) or SRAM (Static Random Access Memory) are used for RAM 540. RAM 540 can be used as an internal buffer for temporarily storing data, etc.
  • CPU 510 deploys a program stored in storage unit 520 or ROM 530 into RAM 540 and executes it. The functions of each part of information processing device 100 can be realized by CPU 510 executing a program.
  • CPU 510 may have an internal buffer in which data, etc. can be temporarily stored.
  • Appendix 1 An information processing device comprising: an analysis result acquisition unit that acquires a plurality of risk analysis results that are results of risk analysis performed on each of a plurality of systems; an aggregation unit that aggregates the plurality of risk analysis results using a predetermined evaluation index; and a visualization unit that presents information of the aggregated risk analysis results to a user.
  • the predetermined evaluation index is the number of the systems;
  • the aggregation unit counts, for each of a predetermined number of vulnerabilities, the number of systems in which the vulnerability is used in an attack;
  • the information processing device according to claim 2, wherein the visualization unit displays the number of systems counted for each of the predetermined number of vulnerabilities.
  • the risk analysis result includes a risk analysis result that evaluates a risk when an attack is carried out on the assets of the analysis target system using one or more assumed attack patterns, the predetermined evaluation index is the number of assets included in the system;
  • the aggregation unit counts, for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems, the number of assets in the systems that are used in attacks by the vulnerabilities;
  • the information processing device displays the number of assets counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
  • the risk analysis result includes a risk analysis result evaluating a risk in the event that an attack is made against the system along an attack route; the predetermined evaluation index is the number of attack routes; the aggregation unit counts the number of attack routes associated with the vulnerabilities for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems; the information processing device according to claim 2, wherein the visualization unit displays the number of attack routes counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
  • the risk analysis result includes a risk analysis result evaluating a risk in the event that an attack is made against the system along an attack route; the predetermined evaluation index is the number of attack routes; the aggregation unit counts the number of attack routes for each risk value of the attack route and for each of a predetermined number of systems; the information processing device according to claim 2, wherein the visualization unit displays the number of attack routes counted for each risk value of the attack route and for each of a predetermined number of systems.
  • Appendix 8 The information processing device according to claim 7, wherein the visualization unit displays the number of attack routes counted for each risk value of the attack route and for each predetermined number of systems using a table, a bar graph, or a radar chart.
  • the risk analysis result includes a risk analysis result that evaluates a risk when an attack is made against the system along an attack route that is an attack route from an intrusion point included in the system to be analyzed to a target of attack, the attack route including one or more attack steps including an attack source, an attack destination, and an attack pattern; the predetermined evaluation index is the number of attack routes;
  • the aggregation unit identifies vulnerabilities used in each of a plurality of attack patterns, and counts the number of attack routes related to the identified vulnerabilities;
  • the visualization unit displays the identified vulnerabilities and the number of counted attack routes for each of the multiple attack patterns.
  • the risk analysis result includes a risk analysis result evaluating a risk in the event that an attack is made against the system along an attack route; the predetermined evaluation index is the number of attack routes; the aggregation unit counts, for each vulnerability used in an attack on the plurality of systems, a number of attack routes associated with the vulnerability; the information processing device according to claim 2, wherein the visualization unit displays the number of attack routes counted for each vulnerability.
  • the risk analysis result includes a risk analysis result that evaluates a risk when an attack is made against the system along an attack route that is an attack route from an intrusion point included in the system to be analyzed to a target of attack, the attack route including one or more attack steps including an attack source, an attack destination, and an attack pattern; the predetermined evaluation index is the number of attack routes;
  • the aggregation unit identifies an attack pattern used in the attack route, and counts the number of attack routes related to the identified attack pattern;
  • the visualization unit displays the identified attack pattern and the number of the counted attack routes.
  • the aggregation unit further aggregates the plurality of risk analysis results for each countermeasure against an attack on the system,
  • the information processing device according to any one of claims 1 to 11, wherein the visualization unit further displays information of risk analysis results aggregated for each of the countermeasures.
  • the aggregation unit counts the number of systems to which the countermeasures can be introduced and the number of locations to which the countermeasures can be introduced;
  • the information processing device according to claim 12, wherein the visualization unit displays, for each of the countermeasures, the number of systems in which the countermeasure can be introduced and the number of locations where the countermeasure can be introduced.
  • Appendix 14 The information processing device according to claim 12 or 13, wherein the visualization unit acquires the countermeasure costs from a countermeasure cost information storage unit that stores countermeasure costs indicating the cost when the countermeasure is implemented, and displays the countermeasure costs for each of the countermeasures.
  • the countermeasure cost information storage unit further stores the number of items to be discounted and a discount rate;
  • the information processing device according to claim 14, wherein the visualization unit further displays, for each of the countermeasures, the number of items to which the discount applies and the discount rate.
  • Appendix 16 obtaining a plurality of risk analysis results that are results of a risk analysis performed on each of the plurality of systems; aggregating the acquired multiple risk analysis results using a predetermined evaluation index; A risk visualization method comprising presenting information of the aggregated risk analysis results to a user.
  • Appendix 17 obtaining a plurality of risk analysis results that are results of a risk analysis performed on each of the plurality of systems; aggregating the acquired multiple risk analysis results using a predetermined evaluation index;
  • a non-transitory computer-readable medium storing a program for causing a computer to execute a process including presenting information of the aggregated risk analysis results to a user.

Abstract

The present invention enables a system administrator managing a plurality of systems to easily grasp risks across the plurality of systems. An analysis result acquisition unit (11) acquires a plurality of risk analysis results, each of which is a result of risk analysis conducted for each of the plurality of systems. An aggregation unit (12) aggregates the plurality of risk analysis results by a predetermined evaluation indicator. A visualization unit (13) presents information on the risk analysis results aggregated by the aggregation unit (12) to a user.

Description

情報処理装置、リスク可視化方法、及びコンピュータ可読媒体Information processing device, risk visualization method, and computer-readable medium
 本開示は、情報処理装置、リスク可視化方法、及びコンピュータ可読媒体に関する。 The present disclosure relates to an information processing device, a risk visualization method, and a computer-readable medium.
 近年、サイバー攻撃の脅威は、ICT(Information and Communication Technology)分野にとどまらず、制御システムやIoT(Internet of Things)の分野でも被害事例が発生している。特に、制御システムにおいては、電力システムや工場の停止など、重要インフラの稼働を脅かす事案も起こっている。サイバー攻撃の脅威に対しては、システムが持つセキュリティリスクを明確化し、対策を実施し、リスクを下げることが重要である。 In recent years, the threat of cyber attacks has not been limited to the field of ICT (Information and Communication Technology), with cases of damage also occurring in the fields of control systems and IoT (Internet of Things). In particular, there have been cases of control systems threatening the operation of critical infrastructure, such as the shutdown of power systems and factories. To combat the threat of cyber attacks, it is important to clarify the security risks posed by systems, implement measures, and reduce those risks.
As a related technique, Patent Document 1 discloses a security design support system. In the security design support system described in Patent Document 1, a security officer distributes a security status confirmation checklist to an industrial cluster made up of multiple organizations. Each of the organizations has its own system, such as a design support system, a production planning system, or a manufacturing system. An organization officer is assigned to each organization; the organization officer creates a response to the checklist and sends the response, together with system configuration information data, to the security officer. The response includes the security status of the system of the organization the officer is responsible for.
The security officer receives a response and system configuration information data from each of the organization officers, and inputs them into a security design support device. The security design support device uses the input responses and system configuration information data to output security countermeasure information. The countermeasure information includes cluster-common baseline requirements list data, organization-specific requirements list data, and inter-organizational collaboration requirements list data. The cluster-common baseline requirements list data indicates the security requirements, and their countermeasures, that are common across the systems of the organizations in the industrial cluster. The organization-specific requirements list data indicates the individual security requirements, and their countermeasures, of each organization's system. The inter-organizational collaboration requirements list data indicates the security requirements, and their countermeasures, that apply when the systems of the organizations in the industrial cluster collaborate.
JP 2019-021161 A
In recent years, the visualization of risk analysis results has been given greater weight, and there is a growing need to visualize the security risks of all factories and all departments in a dashboard-like form. From a consultant's perspective, there is also a growing need to compare analysis results with other industries or within the same industry. However, it is difficult to grasp the security risks of all factories or all departments and to decide the priority of countermeasures and which implemented countermeasures should be monitored. An administrator who manages multiple systems as a whole wants to know the overall risk and whether countermeasures should be introduced, but finds it difficult to understand the detailed attack routes and vulnerability information of each system.
In Patent Document 1, an administrator can determine whether each system satisfies the cluster-common baseline requirements, the organization-specific requirements, and the inter-organizational collaboration requirements. However, in Patent Document 1 the analysis results are obtained individually for each system. For this reason, in Patent Document 1, the operator of each of the multiple systems must grasp the risks of the individual system he or she is responsible for, understand the countermeasures, and decide their priority.
In view of the above circumstances, the present disclosure aims to provide an information processing device, a risk visualization method, and a computer-readable medium that enable a system administrator who manages multiple systems to easily grasp the risks in those systems.
To achieve the above object, the present disclosure provides, as a first aspect, an information processing device. The information processing device includes an analysis result acquisition unit that acquires multiple risk analysis results, each being the result of a risk analysis performed on one of multiple systems; an aggregation unit that aggregates the multiple risk analysis results using a predetermined evaluation index; and a visualization unit that presents information on the aggregated risk analysis results to a user.
As a second aspect, the present disclosure provides a risk visualization method. The risk visualization method includes acquiring multiple risk analysis results, each being the result of a risk analysis performed on one of multiple systems, aggregating the acquired risk analysis results using a predetermined evaluation index, and presenting information on the aggregated risk analysis results to a user.
As a third aspect, the present disclosure provides a computer-readable medium. The computer-readable medium stores a program for causing a computer to execute a process including acquiring multiple risk analysis results, each being the result of a risk analysis performed on one of multiple systems, aggregating the acquired risk analysis results using a predetermined evaluation index, and presenting information on the aggregated risk analysis results to a user.
The information processing device, risk visualization method, and computer-readable medium according to the present disclosure enable a system administrator who manages multiple systems to easily grasp the risks in those systems.
FIG. 1 is a block diagram showing a schematic configuration of an information processing device according to the present disclosure.
FIG. 2 is a block diagram showing an information processing device according to a first embodiment of the present disclosure.
FIG. 3 is a schematic diagram showing the relationship between a plurality of systems, individual system administrators, and an overall system administrator.
FIG. 4 is a diagram showing an example of visualization in the first specific example.
FIG. 5 is a diagram showing an example of a notification sent to an individual system administrator.
FIG. 6 is a diagram showing an example of visualization in the second specific example.
FIG. 7 is a diagram showing an example of visualization in the third specific example.
FIG. 8 is a diagram showing an example of a notification sent to an individual system administrator.
FIG. 9 is a diagram showing an example of visualization in the fourth specific example.
FIG. 10 is a diagram showing an example of visualization in the fifth specific example.
FIG. 11 is a diagram showing an example of visualization in the sixth specific example.
FIG. 12 is a diagram showing an example of visualization in the seventh specific example.
FIG. 13 is a diagram showing an example of visualization in the eighth specific example.
FIG. 14 is a flowchart showing an operation procedure of the information processing device.
FIG. 15 is a block diagram showing an information processing device according to a second embodiment of the present disclosure.
FIG. 16 is a diagram showing an example of information stored in a countermeasure cost DB.
FIG. 17 is a diagram showing a specific example of visualization in the present embodiment.
FIG. 18 is a block diagram showing an example of the configuration of a computer device.
Before the embodiments of the present disclosure are described, an overview of the present disclosure is given. FIG. 1 shows a schematic configuration of an information processing device according to the present disclosure. The information processing device 10 has an analysis result acquisition unit 11, an aggregation unit 12, and a visualization unit 13. The analysis result acquisition unit 11 acquires multiple risk analysis results 20, one for each of the multiple systems to be analyzed. The aggregation unit 12 aggregates the acquired risk analysis results 20 using a predetermined evaluation index. The visualization unit 13 presents the aggregated risk analysis results to a user, such as a system administrator who manages the multiple systems.
In the present disclosure, the aggregation unit 12 aggregates multiple risk analysis results using a predetermined evaluation index, and the visualization unit 13 presents the aggregated results to the user. By looking at the aggregated results, the user can grasp, to a reasonable degree, the risks across multiple systems without examining each individual risk analysis result in detail. A system administrator who manages multiple systems can therefore easily grasp the risks in those systems.
The embodiments of the present disclosure are described in detail below. Note that the following description and drawings are omitted or simplified where appropriate for clarity of explanation. In each drawing, identical and similar elements are given the same reference numerals, and duplicate explanations are omitted where not needed.
FIG. 2 shows an information processing device according to the first embodiment of the present disclosure. The information processing device 100 has a collection unit 101, a common information aggregation unit 102, a risk visualization unit 103, an attack information DB (database) 120, a countermeasure information DB 130, and an aggregated information DB 140. The information processing device 100 is configured, for example, as a device having one or more processors and one or more memories. At least part of the function of each unit in the information processing device 100 can be realized by the processor executing instructions read from the memory. The information processing device 100 corresponds to the information processing device 10 shown in FIG. 1, and may also be called a risk visualization device.
In this embodiment, the attack information DB 120, the countermeasure information DB 130, and the aggregated information DB 140 need only be accessible from the information processing device 100; they do not necessarily have to be part of it. For example, at least one of these DBs may be located in the cloud, in which case the information processing device 100 accesses it via a network.
The collection unit 101 collects multiple risk analysis results 201, each produced by a risk analysis performed on one of the multiple systems. A risk analysis result 201 includes, for example, the risk value when an attack is carried out on the system and information on the vulnerabilities used in the attack. The risk analysis result 201 may be the result of a business damage-based risk analysis performed on the system being analyzed (hereinafter also referred to as a business damage-based risk analysis result). Business damage-based risk analysis includes, for example, creating a virtual model from the configuration information of the system in the real environment, inputting information on the attack scenario to be analyzed, generating attack routes that follow the attack scenario, and calculating a risk value for each generated attack route.
The result of the business damage-based risk analysis indicates the evaluated risk when an attack is carried out along an attack route that runs from an entry point in the system being analyzed to the attack target. An attack route includes one or more attack steps. An attack step is the smallest unit of an attack route and consists of an attack source, an attack destination, and an attack method. The attack method indicates the attack type of the attack step and is also called an attack pattern. The attack information may include information on the vulnerabilities used in the attack pattern. The business damage-based risk analysis result includes risk values that evaluate the risk of each attack step and of the attack route as a whole when an attack is carried out along the route. The risk value is evaluated, for example, on a five-level scale from A to E.
Alternatively, the risk analysis result 201 may be the result of an asset-based risk analysis performed on the system being analyzed (hereinafter also referred to as an asset-based risk analysis result). Asset-based risk analysis includes, for example, evaluating the risk of each asset constituting the system using three evaluation indicators: the importance (value) of the asset, the likelihood that an assumed threat occurs, and the asset's vulnerability to that threat.
The asset-based risk analysis result indicates the evaluated risk for the assets constituting the system being analyzed. It includes a risk value that evaluates the risk when an asset is attacked using one or more assumed attack patterns. The risk value is evaluated, for example, on a five-level scale from A to E. A risk analysis result 201 may include both a business damage-based risk analysis result and an asset-based risk analysis result for one system. The collection unit 101 corresponds to the analysis result acquisition unit 11 shown in FIG. 1.
FIG. 3 shows the relationship between the multiple systems to be analyzed, the individual system administrators who each manage one system, and the overall system administrator who manages the systems as a whole. For example, assume that a system is built for each of multiple departments in one company. Systems 200-1 to 200-N shown in FIG. 3 are the systems on which risk analysis is performed. Performing risk analysis individually on each of systems 200-1 to 200-N yields multiple risk analysis results 201.
Each individual system administrator is responsible for one of systems 200-1 to 200-N and manages that system. The individual system administrator manages the asset information, vulnerability information, and system risk of the system he or she is responsible for. The number of systems per individual system administrator is not limited to one; one individual system administrator may be in charge of multiple systems. The overall system administrator manages systems 200-1 to 200-N as a whole, including the system risks and vulnerabilities of all systems. In general, the overall system administrator often cannot keep track of the asset details of every system.
Returning to FIG. 2, the attack information DB 120 stores, for each attack route, its attack steps, attack patterns, the vulnerability information used in the attack patterns, and risk values. The countermeasure information DB 130 stores vulnerability information and countermeasure information. The collection unit 101 registers the various pieces of information contained in the collected risk analysis results 201 in the attack information DB 120. The collection unit 101 also collects, for each system being analyzed, vulnerability information per asset with respect to attacks. Specifically, for the vulnerabilities of an attacked asset, the collection unit 101 collects information such as the vulnerability identifier and the attack patterns that can use the vulnerability. CVE (Common Vulnerabilities and Exposures) identifiers can be used as the vulnerability identifier. The collection unit 101 also acquires information such as the CVSS (Common Vulnerability Scoring System) score, whether PoC (Proof of Concept) code exists, and whether damage cases exist. The CVSS score, the existence of PoC code, and the existence of damage cases can be obtained from an external server or the like via a network such as the Internet. The collection unit 101 registers the collected vulnerability information in the countermeasure information DB 130.
The common information aggregation unit 102 uses the information stored in the attack information DB 120 and the countermeasure information DB 130 to aggregate the risk analysis results 201 of the multiple systems 200-1 to 200-N (see FIG. 3) using a predetermined evaluation index. For example, it aggregates the risk analysis results by counting the number of systems, attack routes, attack patterns, or vulnerabilities that meet predetermined conditions. The common information aggregation unit 102 registers the aggregated information in the aggregated information DB 140, and corresponds to the aggregation unit 12 shown in FIG. 1.
The risk visualization unit 103 presents the risk analysis results aggregated by the common information aggregation unit 102 to the user. For example, the risk visualization unit 103 uses the information stored in the countermeasure information DB 130 and the aggregated information DB 140 to display, on the screen of a display device, information such as what risks the systems contain as a whole. By looking at the screen, the overall system administrator can learn what risks the systems contain as a whole. The risk visualization unit 103 corresponds to the visualization unit 13 shown in FIG. 1.
The operation of the common information aggregation unit 102 and the risk visualization unit 103 is described below using specific examples of aggregation. In a first specific example of visualization, the common information aggregation unit 102 aggregates the risk analysis results of the multiple systems by counting the number of systems that meet predetermined conditions based on the risk value and on the vulnerabilities used in the attack. For example, for a predetermined number of vulnerabilities with a high risk level, it counts the number of systems that have attack routes related to those vulnerabilities. The common information aggregation unit 102 may classify the attack routes related to a vulnerability by their risk values and count the number of systems for each risk value. It may also count the number of systems according to whether the attack route that exploits the vulnerability has been addressed, is being addressed, or has not been addressed.
FIG. 4 shows an example of visualization in the first specific example. The common information aggregation unit 102 identifies, for example, the risk level of each vulnerability exploited in a predetermined number of systems or more, and selects a predetermined number of these vulnerabilities, in descending order of risk level, as dangerous vulnerabilities. For example, it selects as dangerous vulnerabilities the five vulnerabilities with the highest CVSS scores among those exploited in two or more systems. The common information aggregation unit 102 then counts, for each risk value, the number of systems having attack routes related to the selected vulnerabilities. It also classifies each attack route as addressed, in progress, or unaddressed, and counts the number of systems for each classification. The number of systems counted for each vulnerability and risk value is registered in the aggregated information DB 140.
The risk visualization unit 103 acquires the information from the aggregated information DB 140 and displays the table shown in FIG. 4. When displaying the table, the risk visualization unit 103 may change the color of the vulnerability column according to the risk level of the vulnerability; for example, it may classify the CVSS score of each vulnerability into several levels and display the vulnerability column in a color corresponding to that level. By referring to the table, the overall system administrator can see that, for the combination of "CVE-XXX0", which has the highest risk level, and risk value "A", the number of addressed systems, that is, systems in which a countermeasure has already been implemented against the attack route, is "0". For the same combination, the administrator can see that the number of systems in progress, that is, systems in which a countermeasure is being implemented, is "5", and that the number of unaddressed systems is "10". Likewise, for the combination of "CVE-XXX0", which has the second highest risk level, and risk value "B", the administrator can see that the number of unaddressed systems is "1".
If the multiple risk analysis results were not aggregated by the common information aggregation unit 102, the responsible operator, such as an individual system administrator shown in FIG. 3, would have to address vulnerabilities system by system. If costs are limited, the overall system administrator would also have to interview the individual system administrators about the state of each system and work out the order in which to respond. In the first specific example, by contrast, the overall system administrator can plan to implement countermeasures in order, starting with the systems that have attack routes related to vulnerabilities that are highly dangerous and carry a high risk value when attacked. In this way, by referring to the table in FIG. 4, the system administrator can grasp the order in which dangerous vulnerabilities should be addressed to reduce the risk of the systems as a whole.
In the table displayed in FIG. 4, the overall system administrator can select a combination of vulnerability and risk value for which systems have been counted. The risk visualization unit 103 may identify the systems related to the selected combination and send a notification to the individual system administrators in charge of those systems. For example, it may identify the systems counted under "unaddressed" in the table as the systems related to the selected combination, and send a notification to the individual system administrator in charge of each. If the combination of "CVE-XXX0" and risk value "A" is selected in the table of FIG. 4, for instance, the risk visualization unit 103 may send a notification to the individual system administrator in charge of each of the 10 unaddressed systems.
FIG. 5 shows an example of a notification sent to an individual system administrator. The notification includes vulnerability information, related system information, and countermeasure information. The vulnerability information includes the CVSS score of the vulnerability, whether PoC code exists, and whether damage cases exist. The related system information includes information identifying the assets that have the vulnerability in the system the individual system administrator is responsible for, such as asset names, and the number of related attack routes; it may differ for each individual system administrator notified. The countermeasure information indicates general countermeasures against the vulnerability; in the example of FIG. 5, it includes countermeasure A, a permanent fix, and countermeasure B, a mitigation. Instead of, or in addition to, sending a notification when the overall system administrator selects a combination, the risk visualization unit 103 may periodically send a notification to the individual system administrators for each combination.
 次に、可視化の第2の具体例を説明する。図6は、第2の具体例における可視化の例を示す。第2の具体例において、共通情報集約部102は、第1の具体例と同様に、複数の脆弱性のうち、危険度が高い順に、所定数の脆弱性を、危険な脆弱性として選択する。また、共通情報集約部102は、各システムのシステムリスク値に基づいて、複数のシステムのうち、システムリスク値が高い順に、所定数のシステムを、リスクが高いシステムとして選択する。システムリスク値は、例えば、各システムにおいて、複数の攻撃ルート又は複数の資産に対するリスク値の最大値であってもよい。共通情報集約部102は、例えば、5つの脆弱性を危険な脆弱性として選択し、5つのシステムをリスクが高いシステムとして選択する。 Next, a second specific example of visualization will be described. FIG. 6 shows an example of visualization in the second specific example. In the second specific example, the common information aggregation unit 102 selects a predetermined number of vulnerabilities as dangerous vulnerabilities from among the multiple vulnerabilities in order of decreasing risk, as in the first specific example. Furthermore, the common information aggregation unit 102 selects a predetermined number of systems as high-risk systems from among the multiple systems in order of decreasing system risk value based on the system risk value of each system. The system risk value may be, for example, the maximum value of risk values for multiple attack routes or multiple assets in each system. For example, the common information aggregation unit 102 selects five vulnerabilities as dangerous vulnerabilities and five systems as high-risk systems.
 共通情報集約部102は、選択した脆弱性ごと、及び選択したシステムごとに、その脆弱性を有する資産の数をカウントする。また、共通情報集約部102は、選択した脆弱性を有する資産のうち、攻撃に使用される資産の数をカウントする。リスク可視化部103は、危険な脆弱性を有する資産に対する、攻撃に使用される資産の割合を表示する。例えば、リスク可視化部103は、システム1において脆弱性「CVE-XXX0」を有する資産の数が「10」で、そのうち、攻撃に使用される資産の数が「3」である場合、脆弱性「CVE-XXX0」とシステム1との組み合わせについて、「3/10」を表示する。リスク可視化部103は、割合を表示するのに代えて、単に、攻撃に使用される資産の数を表示してもよい。 The common information aggregation unit 102 counts the number of assets that have the vulnerability for each selected vulnerability and for each selected system. The common information aggregation unit 102 also counts the number of assets that have the selected vulnerability that are used in attacks. The risk visualization unit 103 displays the ratio of assets that are used in attacks to assets that have dangerous vulnerabilities. For example, if the number of assets that have the vulnerability "CVE-XXX0" in system 1 is "10" and the number of assets that are used in attacks is "3," the risk visualization unit 103 displays "3/10" for the combination of vulnerability "CVE-XXX0" and system 1. Instead of displaying the ratio, the risk visualization unit 103 may simply display the number of assets that are used in attacks.
 共通情報集約部102は、選択した脆弱性ごと、及び選択したシステムごとに、脆弱性に関連する攻撃ルートの数をカウントしてもよい。また、共通情報集約部102は、システムごとに、攻撃ルートの総数をカウントしてもよい。その場合、リスク可視化部103は、システムごとに、攻撃ルートの総数に対する、危険な脆弱性が使用される攻撃ルートの数の割合を表示してもよい。リスク可視化部103は、割合を表示するのに代えて、単に、危険な脆弱性が使用される攻撃ルートの数を表示してもよい。リスク可視化部103は、カウントした数値を、危険な脆弱性を有する資産のリスク値の最大値、又は危険な脆弱性が使用される攻撃ルートのリスク値の最大値に応じた色で表示してもよい。また、リスク可視化部103は、図6に示される表の表示では、脆弱性の列の色を、脆弱性の危険度に応じて変更してもよい。 The common information aggregation unit 102 may count the number of attack routes related to the vulnerability for each selected vulnerability and for each selected system. The common information aggregation unit 102 may also count the total number of attack routes for each system. In this case, the risk visualization unit 103 may display the ratio of the number of attack routes using dangerous vulnerabilities to the total number of attack routes for each system. Instead of displaying the ratio, the risk visualization unit 103 may simply display the number of attack routes using dangerous vulnerabilities. The risk visualization unit 103 may display the counted numerical value in a color corresponding to the maximum value of the risk value of the asset having a dangerous vulnerability or the maximum value of the risk value of the attack route using a dangerous vulnerability. The risk visualization unit 103 may also change the color of the vulnerability column in the display of the table shown in FIG. 6 according to the risk level of the vulnerability.
In the table displayed in FIG. 6, the overall system administrator can select a combination of a vulnerability and a system. The risk visualization unit 103 may send a notification including information about the selected vulnerability to the individual system administrator in charge of the selected system. For example, the risk visualization unit 103 sends a notification similar to the one shown in FIG. 5 to that administrator. In the second specific example, the related system information in the notification may include, for example, the number of attack routes passing through host A and the number of attack routes passing through host A in which the selected vulnerability is used. In the second specific example as well, instead of or in addition to sending a notification when the overall system administrator selects a combination, the risk visualization unit 103 may periodically send a notification to the individual system administrator for each combination.
In the second specific example, by referring to the table shown in FIG. 6, the overall system administrator can plan to implement countermeasures in order, starting with the high-risk systems that have high-severity vulnerabilities. When countermeasures are implemented for a high-risk system, the risk value of that system decreases, and as a result the ranking of high-risk systems changes. After the ranking changes, the overall system administrator can again plan to implement countermeasures in order, starting with the high-risk systems that have high-severity vulnerabilities.
Next, a third specific example of visualization will be described. FIG. 7 shows an example of visualization in the third specific example. In the third specific example, the common information aggregation unit 102 identifies high-risk systems and counts the number of attack routes for each attack-route risk value and each high-risk system. High-risk systems may be identified in the same way as in the second specific example. For example, for system 1, the common information aggregation unit 102 counts the number of attack routes with risk value "A", with risk value "B", with risk value "C", with risk value "D", and with risk value "E". It counts the number of attack routes for each risk value for the other systems in the same way.
The risk visualization unit 103 displays the number of attack routes for each attack-route risk value and each high-risk system. For each risk value, it may display the average number of attack routes across the high-risk systems. When the number of attack routes in a system is equal to or greater than that average, the risk visualization unit 103 may highlight the number, for example by displaying it in a predetermined color such as red or with a predetermined background color. Instead of using the average value of the risk value, a predetermined threshold for the risk value may be used.
In the third specific example, the overall system administrator can see the number of attack routes at a glance for each high-risk system and each risk value, and can therefore easily compare the number of attack routes between systems for each risk value. Even without knowledge of the individual systems, the overall system administrator can thus easily grasp which of all the systems are at risk and require countermeasures. Instead of a table, the risk visualization unit 103 may visualize the number of attack routes counted for each risk value and each high-risk system using a bar graph or a radar chart.
In the table displayed in FIG. 7, the overall system administrator can select a combination of a risk value and a system. The risk visualization unit 103 may send a notification including information about the attack routes with the selected risk value to the individual system administrator in charge of the selected system. For example, when the combination of risk value "A" and system 1 is selected in the table shown in FIG. 7, the risk visualization unit 103 may send a notification including information about the attack routes with risk value "A" to the individual system administrator in charge of system 1.
FIG. 8 shows an example of a notification sent to an individual system administrator. The notification shown in FIG. 8 includes attack route information and information on the vulnerabilities used. The attack route information includes the asset at which the attack starts, the asset that is the final target of the attack, the assets traversed between the starting point and the final target, and the attack patterns used in the attack. The vulnerability information includes the asset having the vulnerability, information identifying the vulnerability, and the number of related attack routes. In the third specific example, the notification sent to the individual system administrator may include countermeasure information, that is, information indicating general countermeasures against the vulnerability. In the third specific example as well, instead of or in addition to sending a notification when the overall system administrator selects a combination, the risk visualization unit 103 may periodically send a notification to the individual system administrator for each combination.
Next, a fourth specific example of visualization will be described. FIG. 9 shows an example of visualization in the fourth specific example. In the fourth specific example, a bar graph is used to visualize the number of attack routes. As in the third specific example, the common information aggregation unit 102 counts the number of attack routes for each attack-route risk value and each high-risk system. In addition, in the fourth specific example, the common information aggregation unit 102 determines the countermeasure multiplicity of each attack route. The countermeasure multiplicity is the number of countermeasures implemented on one attack route. For each risk value, the common information aggregation unit 102 counts the number of attack routes whose countermeasure multiplicity is equal to or greater than a predetermined number and the number of attack routes whose countermeasure multiplicity is less than that number.
For example, for each risk value, the common information aggregation unit 102 counts the number of attack routes with a countermeasure multiplicity of 3 or more and the number with a countermeasure multiplicity of 2 or less. In the fourth specific example, the risk visualization unit 103 visualizes the number of attack routes for systems A-C in a bar graph, broken down by attack-route risk value and countermeasure multiplicity. In the bar graph shown in FIG. 9, for example, "A3-" denotes attack routes with risk value "A" and a countermeasure multiplicity of 3 or more, and "A-2" denotes attack routes with risk value "A" and a countermeasure multiplicity of 2 or less.
The risk visualization unit 103 may display the average number of attack routes in the bar graph. The overall system administrator can then recognize a system whose number of attack routes exceeds the average as a high-risk system and prioritize planning countermeasures for it. The risk visualization unit 103 may also weight the number of attack routes according to the risk value and change the length of each block in the bar graph according to the weight. For example, the higher the risk value, the longer the block drawn per attack route; the more high-risk attack routes a system has, the taller its bar then becomes.
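As an added example that is not part of the patent or of NEC's implementation, the following Python aggregates constructed risk analysis results the way the second to fourth specific examples describe: the asset ratio per vulnerability and system ("3/10" style), attack-route counts per system and risk value with the at-or-above-average highlight, the countermeasure-multiplicity buckets ("A3-" / "A-2"), and the risk-weighted bar length. The ordering of the risk values (A most severe), the weights, and all identifiers are assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean

# Assumption: the patent's risk values run from "A" (most severe) to "E";
# the weights for the weighted bar graph are assumed as well.
RISK_LEVELS = ("A", "B", "C", "D", "E")
RISK_WEIGHT = {"A": 5, "B": 4, "C": 3, "D": 2, "E": 1}


@dataclass(frozen=True)
class Asset:
    system: str
    name: str
    vulns: frozenset  # vulnerability identifiers present on the asset


@dataclass(frozen=True)
class AttackRoute:
    system: str
    risk: str          # one of RISK_LEVELS
    path: tuple        # assets traversed, origin first, final target last
    vulns: frozenset   # vulnerabilities exploited along the route
    multiplicity: int  # countermeasures implemented on this route


# Constructed sample input (placeholder identifiers, not real findings).
ASSETS = [
    Asset("system1", "hostA", frozenset({"CVE-XXX0"})),
    Asset("system1", "hostB", frozenset({"CVE-XXX0"})),
    Asset("system1", "hostC", frozenset({"CVE-XXX0", "CVE-XXX1"})),
    Asset("system2", "hostD", frozenset({"CVE-XXX0"})),
    Asset("system2", "hostE", frozenset({"CVE-XXX1"})),
    Asset("system3", "hostF", frozenset()),
]
ROUTES = [
    AttackRoute("system1", "A", ("hostA", "hostC"), frozenset({"CVE-XXX0", "CVE-XXX1"}), 1),
    AttackRoute("system1", "A", ("hostA",), frozenset({"CVE-XXX0"}), 3),
    AttackRoute("system1", "B", ("hostC",), frozenset({"CVE-XXX1"}), 2),
    AttackRoute("system2", "A", ("hostD",), frozenset({"CVE-XXX0"}), 0),
    AttackRoute("system2", "C", ("hostE",), frozenset({"CVE-XXX1"}), 4),
    AttackRoute("system3", "E", ("hostF",), frozenset(), 5),
]


def asset_ratio(assets, routes, vuln):
    """Second example: per system, (assets with `vuln` that lie on an
    attack route, assets with `vuln`), which the patent shows as "3/10"."""
    attacked = defaultdict(set)  # system -> assets appearing on any route
    for r in routes:
        attacked[r.system].update(r.path)
    have, hit = Counter(), Counter()
    for a in assets:
        if vuln in a.vulns:
            have[a.system] += 1
            hit[a.system] += a.name in attacked[a.system]
    return {s: (hit[s], have[s]) for s in have}


def routes_by_risk(routes):
    """Third example: {system: {risk value: number of attack routes}}."""
    table = defaultdict(Counter)
    for r in routes:
        table[r.system][r.risk] += 1
    return {s: dict(c) for s, c in table.items()}


def average_by_risk(table):
    """Mean route count per risk value over the systems in the table."""
    return {lvl: mean(table[s].get(lvl, 0) for s in table) for lvl in RISK_LEVELS}


def highlighted(table, averages):
    """Cells to show in red: count at or above the average. Zero counts are
    never highlighted, otherwise an all-zero column would light up entirely."""
    return {(s, lvl) for s in table for lvl in RISK_LEVELS
            if table[s].get(lvl, 0) > 0 and table[s].get(lvl, 0) >= averages[lvl]}


def multiplicity_buckets(routes, threshold=3):
    """Fourth example: "A3-" (multiplicity >= 3) versus "A-2" (<= 2) per system."""
    table = defaultdict(Counter)
    for r in routes:
        label = (f"{r.risk}{threshold}-" if r.multiplicity >= threshold
                 else f"{r.risk}-{threshold - 1}")
        table[r.system][label] += 1
    return {s: dict(c) for s, c in table.items()}


def weighted_bar_length(table):
    """Fourth example variant: bar length with each route weighted by risk."""
    return {s: sum(RISK_WEIGHT[lvl] * n for lvl, n in counts.items())
            for s, counts in table.items()}


if __name__ == "__main__":
    tbl = routes_by_risk(ROUTES)
    print(asset_ratio(ASSETS, ROUTES, "CVE-XXX0"))
    print(tbl, average_by_risk(tbl), highlighted(tbl, average_by_risk(tbl)))
    print(multiplicity_buckets(ROUTES), weighted_bar_length(tbl))
```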
A fifth specific example of visualization will be described. FIG. 10 shows an example of visualization in the fifth specific example. In the fifth specific example, a radar chart is used to visualize the number of attack routes. As in the third specific example, the common information aggregation unit 102 counts the number of attack routes for each attack-route risk value and each high-risk system. In the fifth specific example, the risk visualization unit 103 visualizes the number of attack routes for systems 1-3 in a radar chart according to the attack-route risk value.
The risk visualization unit 103 may display the average number of attack routes for each risk value in the radar chart. In that case, it may highlight, for example in red, a number of attack routes that exceeds the average. The overall system administrator can recognize a system whose number of attack routes exceeds the average as a high-risk system and prioritize planning countermeasures for it. In the fifth specific example as well, the risk visualization unit 103 may weight the number of attack routes according to the risk value.
A sixth specific example of visualization will be described. FIG. 11 shows an example of visualization in the sixth specific example. The common information aggregation unit 102 extracts the attack patterns used in attack routes from the risk analysis results of all systems. For each extracted attack pattern, it identifies from the risk analysis results the vulnerability most often used by that attack pattern. It also counts the number of exploitations of each attack pattern, that is, the number of times each attack pattern is used, across the attack routes of all systems. When the risk analysis results include damage amounts, the common information aggregation unit 102 obtains the maximum damage amount from the risk analysis results. Instead of or in addition to the damage amount, it may obtain the number of news articles, the number of incident cases, or the number of PoCs related to the vulnerability.
The risk visualization unit 103 displays the attack patterns used in attack routes, the vulnerabilities used, the number of exploitations in attack routes, and the damage amount. In the column for the number of exploitations in attack routes, the number in parentheses indicates the total number of attack patterns. The risk visualization unit 103 may sort the attack patterns, for example by the number of exploitations in attack routes, so that the attack pattern exploited most often is displayed at the top. By referring to the table shown in FIG. 11, the overall system administrator can learn which attack patterns should be countered across the multiple systems as a whole. When countermeasures are implemented for an attack pattern with a high number of exploitations in attack routes, many attack routes are countered at once, so the overall system administrator can plan countermeasures efficiently.
In the table displayed in FIG. 11, the overall system administrator can select an attack pattern. The risk visualization unit 103 may identify the systems in which the selected attack pattern is used in an attack route and send a notification including information about the attack pattern to the individual system administrators in charge of the identified systems. The information about the attack pattern includes, for example, information on the vulnerabilities used by the selected attack pattern and countermeasure information. The vulnerability information may be the same as the vulnerability information included in the notification shown in FIG. 5, and the countermeasure information may be the same as the countermeasure information included in that notification.
A seventh specific example of visualization will be described. FIG. 12 shows an example of visualization in the seventh specific example. The common information aggregation unit 102 extracts the attack patterns used in attack routes from the risk analysis results of all systems. It identifies the attack routes related to each attack pattern and counts the number of identified attack routes. It also obtains the risk values of the identified attack routes and determines the maximum risk value and the average risk value. It further obtains the countermeasures against each attack pattern.
The risk visualization unit 103 displays the attack patterns used in attack routes, the number of related attack routes, the maximum risk value, the average risk value, and the countermeasures. It may sort the attack patterns, for example by the number of attack routes, so that the attack pattern with the most related attack routes is displayed at the top. Alternatively, the risk visualization unit 103 may display a ranking of the countermeasures that are effective for the systems as a whole at the top. It may also let the overall system administrator select a countermeasure from a pull-down menu and display information about the attack patterns related to the selected countermeasure.
By referring to the table shown in FIG. 12, the overall system administrator can grasp which attack patterns have many related attack routes across the multiple systems and would have a large impact if exploited. The overall system administrator can therefore consider countermeasures for the systems as a whole efficiently; that is, when various systems have vulnerabilities, the administrator can efficiently consider which countermeasures, implemented overall, would reduce the risk.
In the table displayed in FIG. 12, the overall system administrator can select an attack pattern. The risk visualization unit 103 may identify the systems in which the selected attack pattern is used in an attack route and send a notification including information about the attack pattern to the individual system administrators in charge of the identified systems. The information about the attack pattern includes, for example, information on the attack routes related to the selected attack pattern, information on the vulnerabilities used, and countermeasure information. The attack route information may be the same as the attack route information included in the notification shown in FIG. 8, the vulnerability information may be the same as the vulnerability information in that notification, and the countermeasure information may be the same as the countermeasure information included in the notification shown in FIG. 5.
An eighth specific example of visualization will be described. FIG. 13 shows an example of visualization in the eighth specific example. The common information aggregation unit 102 extracts the vulnerabilities exploited in attacks from the risk analysis results of all systems. It identifies the attack routes in which each vulnerability appears, that is, the attack routes in which the vulnerability is exploited, and counts the number of identified attack routes. It also obtains the maximum risk value among the identified attack routes. For each extracted vulnerability, the common information aggregation unit 102 obtains whether exploitation cases exist, whether attack code exists, whether proof-of-concept code exists, and the CVSS score. This information about the vulnerabilities may be obtainable from an external server, for example over the Internet.
The risk visualization unit 103 displays each exploited vulnerability together with whether exploitation cases exist, the maximum risk value among its attack routes, whether attack code exists, whether proof-of-concept code exists, the CVSS score, and the number of attack routes in which the vulnerability appears. By referring to the table shown in FIG. 13, the overall system administrator can grasp which vulnerabilities across the multiple systems are at high risk of being exploited, and can therefore consider countermeasures for the systems as a whole efficiently.
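The sixth to eighth specific examples all aggregate the same attack-route data by attack pattern or by vulnerability. The following Python is an added example, not the patent's or NEC's code, that builds the FIG. 11/12 attack-pattern rows (most-used vulnerability, exploitation count, related routes, maximum and average risk, systems to notify) and the FIG. 13 vulnerability rows from constructed risk analysis results; the numeric risk score used for the average, the placeholder identifiers, and the external enrichment values are assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean

# Assumption: risk values run from "A" (most severe) to "E"; the numeric
# score exists only so that an average risk value can be computed.
RISK_SCORE = {"A": 5, "B": 4, "C": 3, "D": 2, "E": 1}


@dataclass(frozen=True)
class AttackRoute:
    route_id: str
    system: str
    risk: str
    steps: tuple  # (attack pattern, vulnerability used) for each attack step


# Constructed sample input with placeholder identifiers.
ROUTES = [
    AttackRoute("R1", "system1", "A", (("P1", "CVE-XXX0"), ("P2", "CVE-XXX1"))),
    AttackRoute("R2", "system1", "B", (("P1", "CVE-XXX0"),)),
    AttackRoute("R3", "system2", "C", (("P1", "CVE-XXX2"), ("P1", "CVE-XXX0"))),
    AttackRoute("R4", "system3", "A", (("P3", "CVE-XXX1"),)),
]

# Eighth example: data the patent says may come from an external server.
# Constructed placeholders, not real vulnerability intelligence.
EXTERNAL = {
    "CVE-XXX0": {"exploited": True, "attack_code": True, "poc": True, "cvss": 9.8},
    "CVE-XXX1": {"exploited": False, "attack_code": False, "poc": True, "cvss": 7.5},
}


def pattern_table(routes):
    """Sixth and seventh examples: one row per attack pattern, sorted by the
    number of exploitations (uses) across all systems' attack routes."""
    uses = Counter()                  # pattern -> number of attack steps using it
    vuln_uses = defaultdict(Counter)  # pattern -> vulnerability -> uses
    related = defaultdict(dict)       # pattern -> route_id -> route risk value
    for r in routes:
        for pattern, vuln in r.steps:
            uses[pattern] += 1
            vuln_uses[pattern][vuln] += 1
            related[pattern][r.route_id] = r.risk
    rows = []
    for pattern, n in uses.most_common():
        risks = list(related[pattern].values())
        rows.append({
            "pattern": pattern,
            "top_vuln": vuln_uses[pattern].most_common(1)[0][0],
            "exploits": n,
            "total_exploits": sum(uses.values()),  # the parenthesised total
            "routes": len(risks),
            "max_risk": max(risks, key=RISK_SCORE.get),
            "avg_risk": mean(RISK_SCORE[x] for x in risks),
            # systems whose individual administrators would be notified
            "systems": sorted({r.system for r in routes
                               if r.route_id in related[pattern]}),
        })
    return rows


def vulnerability_table(routes, external):
    """Eighth example: per vulnerability, the number of attack routes it
    appears in, the maximum route risk, and the external enrichment."""
    appear = defaultdict(dict)  # vulnerability -> route_id -> risk value
    for r in routes:
        for _, vuln in r.steps:
            appear[vuln][r.route_id] = r.risk
    rows = []
    for vuln, by_route in appear.items():
        risks = list(by_route.values())
        info = external.get(vuln, {})  # missing enrichment stays None
        rows.append({"vuln": vuln, "routes": len(risks),
                     "max_risk": max(risks, key=RISK_SCORE.get),
                     "exploited": info.get("exploited"),
                     "attack_code": info.get("attack_code"),
                     "poc": info.get("poc"), "cvss": info.get("cvss")})
    rows.sort(key=lambda row: (-row["routes"], -(row["cvss"] or 0)))
    return rows


if __name__ == "__main__":
    for row in pattern_table(ROUTES) + vulnerability_table(ROUTES, EXTERNAL):
        print(row)
```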
In the table displayed in FIG. 13, the overall system administrator can select a vulnerability. The risk visualization unit 103 may identify the systems having an attack route in which the selected vulnerability appears and send a notification including information about the vulnerability to the individual system administrators in charge of the identified systems. The information about the vulnerability includes, for example, related system information and countermeasure information. The related system information may be the same as the related system information shown in FIG. 5, and the countermeasure information may be the same as the countermeasure information included in the notification shown in FIG. 5.
Next, the operation procedure will be described. FIG. 14 shows the operation procedure of the information processing device 100; this procedure is also called a risk visualization method. The collection unit 101 collects the multiple risk analysis results 201 obtained for the multiple systems 200-1 to 200-N (see FIG. 3) (step S1). The collection unit 101 registers the attack-related information obtained from the multiple risk analysis results 201 in the attack information DB 120, and registers the countermeasure-related information obtained from the risk analysis results 201 in the countermeasure information DB 130.
Based on the attack-related information registered in the attack information DB 120 and the countermeasure-related information registered in the countermeasure information DB 130, the common information aggregation unit 102 aggregates the multiple risk analysis results, for example by aggregating information common to the multiple systems (step S2). The common information aggregation unit 102 aggregates the multiple risk analysis results from the perspective of, for example, systems, attack routes, attack steps, or vulnerabilities, and registers the aggregated information in the aggregated information DB 140. The risk visualization unit 103 reads the registered information from the aggregated information DB 140 and, based on it, visualizes the risks present in the multiple systems (step S3), for example using the visualization methods of the first to eighth specific examples described above.
In this embodiment, the common information aggregation unit 102 aggregates multiple risk analysis results from a predetermined perspective, and the risk visualization unit 103 displays the aggregated results. For example, by aggregating the multiple risk analysis results, the common information aggregation unit 102 counts the number of systems related to a specific vulnerability, the number of assets or attack routes related to a specific vulnerability across the multiple systems, or the number of attack routes for each risk value. The risk visualization unit 103 provides the information aggregated across the multiple systems to the overall system administrator, who can use it to easily grasp the risk of the multiple systems as a whole and to consider, for example, the priority order of countermeasures.
Also in this embodiment, the risk visualization unit 103 can send notifications related to the selected information to individual system administrators. An individual system administrator can use the information in the notification to analyze the threats present in the system he or she is in charge of, and can plan countermeasures against those threats.
Next, a second embodiment of the present disclosure will be described. FIG. 15 shows an information processing device according to the second embodiment of the present disclosure. In addition to the configuration of the information processing device 100 described in the first embodiment and shown in FIG. 2, the information processing device 100a according to this embodiment has a countermeasure cost DB 150. The countermeasure cost DB 150 stores, for each of a plurality of countermeasures that can be introduced into the plurality of systems, the cost or expense of introducing that countermeasure. The countermeasure cost DB 150 is also called a countermeasure cost information storage unit.
FIG. 16 shows an example of the information stored in the countermeasure cost DB 150. In this example, the countermeasure cost DB 150 stores countermeasure costs of "10k" and "1M" for countermeasure 0 and countermeasure 1, respectively. The unit of the countermeasure cost may be a currency unit such as Japanese yen. When a volume discount applies to the introduction of a countermeasure, the countermeasure cost DB 150 may further store the discount rate and the quantity at which the discount applies. In the example of FIG. 16, the countermeasure cost DB 150 stores information indicating that a 10% discount applies to countermeasure 1 when 20 units are introduced together.
In this embodiment, based on the risk analysis results for the multiple systems, the common information aggregation unit 102 aggregates information about the multiple systems for each countermeasure that may be introduced. The risk visualization unit 103 visualizes the aggregated countermeasure information; in doing so, it obtains the countermeasure cost from the countermeasure cost DB 150 and displays the cost of introducing the countermeasure. In addition to the countermeasure cost, the risk visualization unit 103 may also display the quantity at which a volume discount applies and the discount rate.
FIG. 17 shows a specific example of visualization in this embodiment. For each countermeasure that can be introduced, the common information aggregation unit 102 aggregates, for example, the number of attack patterns the countermeasure can address, the number of systems into which it would be introduced, and the number of locations at which it would be applied. The risk visualization unit 103 displays these three numbers, obtains the cost of each countermeasure from the countermeasure cost DB 150, and displays that cost as well.
In this embodiment, the risk visualization unit 103 provides the overall system administrator with the number of attack patterns each countermeasure can address, the number of systems into which it would be introduced, the number of locations at which it would be applied, and its cost. The overall system administrator can thus learn how much a countermeasure would cost and how many attack patterns and how many systems it would address if introduced, and can therefore give priority to efficient countermeasures by weighing the countermeasure cost against the number of attack patterns and systems it addresses. Also in this embodiment, when a volume discount exists, the overall system administrator can learn the quantity at which the discount applies and the discount rate, and can use that information in planning countermeasures.
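As an added example that is not the patent's or NEC's code, the following Python models a countermeasure cost DB in the shape of FIG. 16 (the "10k" and "1M" costs and the 10% discount at 20 units are the values from the page), constructs a set of candidate deployments, and produces the FIG. 17 rows with the volume discount applied. The deployments, the attack patterns, and the ranking by patterns addressed per unit of cost are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


def parse_cost(text):
    """Turn a FIG. 16 style cost such as "10k" or "1M" into an integer amount."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([kKmM]?)\s*", text)
    if not m:
        raise ValueError(f"unrecognised cost: {text!r}")
    scale = {"": 1, "k": 1_000, "m": 1_000_000}[m.group(2).lower()]
    return int(float(m.group(1)) * scale)


@dataclass(frozen=True)
class CostEntry:
    unit_cost: int
    discount_rate: float = 0.0  # 0.10 means a 10 % volume discount
    discount_from: int = 0      # quantity at which it applies; 0 = no discount


@dataclass(frozen=True)
class Deployment:
    countermeasure: str
    system: str
    location: str        # asset at which the countermeasure would be applied
    patterns: frozenset  # attack patterns it addresses at that location


# Countermeasure cost DB with the values shown in FIG. 16.
COST_DB = {
    "countermeasure0": CostEntry(parse_cost("10k")),
    "countermeasure1": CostEntry(parse_cost("1M"), discount_rate=0.10, discount_from=20),
}

# Constructed candidate deployments derived from (assumed) risk analysis results.
DEPLOYMENTS = [
    Deployment("countermeasure0", "system1", "hostA", frozenset({"P1"})),
    Deployment("countermeasure0", "system1", "hostB", frozenset({"P1"})),
    Deployment("countermeasure0", "system2", "hostD", frozenset({"P1", "P4"})),
] + [
    Deployment("countermeasure1", f"system{i % 3 + 1}", f"host{i:02d}",
               frozenset({"P1", "P2", "P3"}))
    for i in range(20)
]


def total_cost(entry, units):
    """Cost of `units` installations; the volume discount applies only once
    the quantity reaches the discount threshold, so cost can step down."""
    cost = entry.unit_cost * units
    if entry.discount_from and units >= entry.discount_from:
        cost = round(cost * (1 - entry.discount_rate))
    return cost


def countermeasure_table(deployments, cost_db):
    """FIG. 17 rows: patterns addressed, systems, locations, and cost, ranked
    (an assumed criterion) by attack patterns addressed per unit of cost."""
    groups = defaultdict(list)
    for d in deployments:
        groups[d.countermeasure].append(d)
    rows = []
    for name, ds in groups.items():
        entry = cost_db[name]
        patterns = set().union(*(d.patterns for d in ds))
        locations = len({(d.system, d.location) for d in ds})
        rows.append({
            "countermeasure": name,
            "patterns": len(patterns),
            "systems": len({d.system for d in ds}),
            "locations": locations,
            "cost": total_cost(entry, locations),
            "discount_from": entry.discount_from,
            "discount_rate": entry.discount_rate,
        })
    rows.sort(key=lambda row: row["patterns"] / row["cost"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in countermeasure_table(DEPLOYMENTS, COST_DB):
        print(row)
```

Note that with the FIG. 16 discount, 20 units of countermeasure 1 cost less than 19, which is exactly the kind of planning input the embodiment wants the overall system administrator to see.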
 Next, the physical configuration of the information processing device 100 is described. FIG. 18 shows an example configuration of a computer device that can be used as the information processing device 100. The computer device 500 has a control unit (CPU: Central Processing Unit) 510, a storage unit 520, a ROM (Read Only Memory) 530, a RAM (Random Access Memory) 540, a communication interface (IF) 550, and a user interface 560. The control unit 510 is also called a processor.
 The communication interface 550 is an interface for connecting the computer device 500 to a communication network via wired or wireless communication means. The user interface 560 includes a display unit such as a display, and an input unit such as a keyboard, a mouse, or a touch panel.
 The storage unit 520 is an auxiliary storage device that can hold various kinds of data. The storage unit 520 does not have to be part of the computer device 500; it may be an external storage device or cloud storage connected to the computer device 500 via a network. The storage unit 520 can be used, for example, as at least one of the attack information DB 120, the countermeasure information DB 130, and the aggregated information DB 140 shown in FIG. 2.
 The ROM 530 is a non-volatile storage device, for example a semiconductor storage device of relatively small capacity such as a flash memory. The programs executed by the CPU 510 can be stored in the storage unit 520 or the ROM 530; these store, for example, the various programs that implement the functions of each unit in the information processing device 100.
 The programs include instructions (or software code) that, when loaded into a computer, cause the computer to perform one or more of the functions described in the embodiments. The programs may be stored on a non-transitory computer-readable medium or a tangible storage medium. By way of example and not limitation, computer-readable media or tangible storage media include RAM, ROM, flash memory, solid-state drives (SSD) or other memory technology, Compact Discs (CD), digital versatile discs (DVD), Blu-ray (registered trademark) discs or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. The programs may also be transmitted on a transitory computer-readable medium or a communication medium. By way of example and not limitation, transitory computer-readable media or communication media include electrical, optical, acoustic, or other forms of propagated signals.
 The RAM 540 is a volatile storage device; various semiconductor memory devices such as DRAM (Dynamic Random Access Memory) or SRAM (Static Random Access Memory) can be used for it. The RAM 540 can serve as an internal buffer that temporarily holds data. The CPU 510 loads a program stored in the storage unit 520 or the ROM 530 into the RAM 540 and executes it; by executing the program, the CPU 510 implements the functions of each unit of the information processing device 100. The CPU 510 may also have its own internal buffer for temporarily holding data.
 The embodiments of the present disclosure have been described above in detail, but the present disclosure is not limited to those embodiments; changes and modifications to the embodiments that do not depart from the spirit of the present disclosure are also included in the present disclosure.
 For example, some or all of the above embodiments can also be described as in the following supplementary notes, although they are not limited to these.
[Appendix 1]
An information processing device comprising:
an analysis result acquisition unit that acquires a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
an aggregation unit that aggregates the plurality of risk analysis results using a predetermined evaluation index; and
a visualization unit that presents information on the aggregated risk analysis results to a user.
[Appendix 2]
The information processing device according to Appendix 1, wherein the risk analysis result includes a risk value for the case in which an attack is carried out and a vulnerability used in the attack.
[Appendix 3]
The information processing device according to Appendix 2, wherein
the predetermined evaluation index is the number of the systems,
the aggregation unit counts, for each of a predetermined number of vulnerabilities, the number of systems in which that vulnerability is used in an attack, and
the visualization unit displays the number of systems counted for each of the predetermined number of vulnerabilities.
[Appendix 4]
The information processing device according to Appendix 3, wherein the aggregation unit selects the predetermined number of vulnerabilities based on the risk level of the vulnerabilities.
[Appendix 5]
The information processing device according to Appendix 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the assets of the analyzed system are attacked using one or more assumed attack patterns,
the predetermined evaluation index is the number of assets included in the system,
the aggregation unit counts, for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems, the number of assets in that system against which the vulnerability is used in an attack, and
the visualization unit displays the number of assets counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
[Appendix 6]
The information processing device according to Appendix 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
the predetermined evaluation index is the number of attack routes,
the aggregation unit counts, for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems, the number of attack routes associated with that vulnerability, and
the visualization unit displays the number of attack routes counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
[Appendix 7]
The information processing device according to Appendix 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
the predetermined evaluation index is the number of attack routes,
the aggregation unit counts the number of attack routes for each risk value of the attack routes and for each of a predetermined number of systems, and
the visualization unit displays the number of attack routes counted for each risk value of the attack routes and for each of the predetermined number of systems.
[Appendix 8]
The information processing device according to Appendix 7, wherein the visualization unit uses a table, a bar graph, or a radar chart to display the number of attack routes counted for each risk value of the attack routes and for each of the predetermined number of systems.
[Appendix 9]
The information processing device according to Appendix 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route, the attack route leading from an intrusion point included in the analyzed system to an attack target and including one or more attack steps, each attack step including an attack source, an attack destination, and an attack pattern,
the predetermined evaluation index is the number of attack routes,
the aggregation unit identifies, for each of a plurality of attack patterns, the vulnerability used by that attack pattern and counts the number of attack routes associated with the identified vulnerability, and
the visualization unit displays, for each of the plurality of attack patterns, the identified vulnerability and the counted number of attack routes.
[Appendix 10]
The information processing device according to Appendix 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
the predetermined evaluation index is the number of attack routes,
the aggregation unit counts, for each vulnerability used in attacks on the plurality of systems, the number of attack routes associated with that vulnerability, and
the visualization unit displays the number of attack routes counted for each vulnerability.
[Appendix 11]
The information processing device according to Appendix 1 or 2, wherein
the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route, the attack route leading from an intrusion point included in the analyzed system to an attack target and including one or more attack steps, each attack step including an attack source, an attack destination, and an attack pattern,
the predetermined evaluation index is the number of attack routes,
the aggregation unit identifies the attack patterns used in the attack routes and counts the number of attack routes associated with each identified attack pattern, and
the visualization unit displays the identified attack patterns and the counted numbers of attack routes.
[Appendix 12]
The information processing device according to any one of Appendices 1 to 11, wherein
the aggregation unit further aggregates the plurality of risk analysis results for each countermeasure against attacks on the systems, and
the visualization unit further displays information on the risk analysis results aggregated for each countermeasure.
[Appendix 13]
The information processing device according to Appendix 12, wherein
the aggregation unit counts the number of systems into which the countermeasure can be introduced and the number of locations at which the countermeasure would be introduced, and
the visualization unit displays, for each countermeasure, the number of systems into which the countermeasure can be introduced and the number of locations at which the countermeasure would be introduced.
[Appendix 14]
The information processing device according to Appendix 12 or 13, wherein the visualization unit acquires a countermeasure cost, which indicates the cost of implementing the countermeasure, from a countermeasure cost information storage unit that stores the countermeasure cost, and displays the countermeasure cost for each countermeasure.
[Appendix 15]
The information processing device according to Appendix 14, wherein
the countermeasure cost information storage unit further stores the quantity at which a discount applies and the discount rate, and
the visualization unit further displays, for each countermeasure, the quantity at which the discount applies and the discount rate.
[Appendix 16]
A risk visualization method comprising:
acquiring a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
aggregating the acquired plurality of risk analysis results using a predetermined evaluation index; and
presenting information on the aggregated risk analysis results to a user.
[Appendix 17]
A non-transitory computer-readable medium storing a program for causing a computer to execute a process comprising:
acquiring a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
aggregating the acquired plurality of risk analysis results using a predetermined evaluation index; and
presenting information on the aggregated risk analysis results to a user.
10: Information processing device
11: Analysis result acquisition unit
12: Aggregation unit
13: Visualization unit
20: Risk analysis result
100: Information processing device
101: Collection unit
102: Common information aggregation unit
103: Risk visualization unit
120: Attack information DB
130: Countermeasure information DB
140: Aggregated information DB
200: System
201: Risk analysis result
500: Computer device
510: CPU
520: Storage unit
530: ROM
540: RAM
550: Communication IF
560: User IF

Claims (17)

  1.  An information processing device comprising:
     an analysis result acquisition unit that acquires a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
     an aggregation unit that aggregates the plurality of risk analysis results using a predetermined evaluation index; and
     a visualization unit that presents information on the aggregated risk analysis results to a user.
  2.  The information processing device according to claim 1, wherein the risk analysis result includes a risk value for the case in which an attack is carried out and a vulnerability used in the attack.
  3.  The information processing device according to claim 2, wherein
     the predetermined evaluation index is the number of the systems,
     the aggregation unit counts, for each of a predetermined number of vulnerabilities, the number of systems in which that vulnerability is used in an attack, and
     the visualization unit displays the number of systems counted for each of the predetermined number of vulnerabilities.
  4.  The information processing device according to claim 3, wherein the aggregation unit selects the predetermined number of vulnerabilities based on the risk level of the vulnerabilities.
  5.  The information processing device according to claim 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the assets of the analyzed system are attacked using one or more assumed attack patterns,
     the predetermined evaluation index is the number of assets included in the system,
     the aggregation unit counts, for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems, the number of assets in that system against which the vulnerability is used in an attack, and
     the visualization unit displays the number of assets counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
  6.  The information processing device according to claim 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
     the predetermined evaluation index is the number of attack routes,
     the aggregation unit counts, for each of a predetermined number of vulnerabilities and for each of a predetermined number of systems, the number of attack routes associated with that vulnerability, and
     the visualization unit displays the number of attack routes counted for each of the predetermined number of vulnerabilities and for each of the predetermined number of systems.
  7.  The information processing device according to claim 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
     the predetermined evaluation index is the number of attack routes,
     the aggregation unit counts the number of attack routes for each risk value of the attack routes and for each of a predetermined number of systems, and
     the visualization unit displays the number of attack routes counted for each risk value of the attack routes and for each of the predetermined number of systems.
  8.  The information processing device according to claim 7, wherein the visualization unit uses a table, a bar graph, or a radar chart to display the number of attack routes counted for each risk value of the attack routes and for each of the predetermined number of systems.
  9.  The information processing device according to claim 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route, the attack route leading from an intrusion point included in the analyzed system to an attack target and including one or more attack steps, each attack step including an attack source, an attack destination, and an attack pattern,
     the predetermined evaluation index is the number of attack routes,
     the aggregation unit identifies, for each of a plurality of attack patterns, the vulnerability used by that attack pattern and counts the number of attack routes associated with the identified vulnerability, and
     the visualization unit displays, for each of the plurality of attack patterns, the identified vulnerability and the counted number of attack routes.
  10.  The information processing device according to claim 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route,
     the predetermined evaluation index is the number of attack routes,
     the aggregation unit counts, for each vulnerability used in attacks on the plurality of systems, the number of attack routes associated with that vulnerability, and
     the visualization unit displays the number of attack routes counted for each vulnerability.
  11.  The information processing device according to claim 1 or 2, wherein
     the risk analysis result includes a risk analysis result that evaluates the risk when the system is attacked along an attack route, the attack route leading from an intrusion point included in the analyzed system to an attack target and including one or more attack steps, each attack step including an attack source, an attack destination, and an attack pattern,
     the predetermined evaluation index is the number of attack routes,
     the aggregation unit identifies the attack patterns used in the attack routes and counts the number of attack routes associated with each identified attack pattern, and
     the visualization unit displays the identified attack patterns and the counted numbers of attack routes.
  12.  The information processing device according to any one of claims 1 to 11, wherein
     the aggregation unit further aggregates the plurality of risk analysis results for each countermeasure against attacks on the systems, and
     the visualization unit further displays information on the risk analysis results aggregated for each countermeasure.
  13.  The information processing device according to claim 12, wherein
     the aggregation unit counts the number of systems into which the countermeasure can be introduced and the number of locations at which the countermeasure would be introduced, and
     the visualization unit displays, for each countermeasure, the number of systems into which the countermeasure can be introduced and the number of locations at which the countermeasure would be introduced.
  14.  The information processing device according to claim 12 or 13, wherein the visualization unit acquires a countermeasure cost, which indicates the cost of implementing the countermeasure, from a countermeasure cost information storage unit that stores the countermeasure cost, and displays the countermeasure cost for each countermeasure.
  15.  The information processing device according to claim 14, wherein
     the countermeasure cost information storage unit further stores the quantity at which a discount applies and the discount rate, and
     the visualization unit further displays, for each countermeasure, the quantity at which the discount applies and the discount rate.
  16.  A risk visualization method comprising:
     acquiring a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
     aggregating the acquired plurality of risk analysis results using a predetermined evaluation index; and
     presenting information on the aggregated risk analysis results to a user.
  17.  A non-transitory computer-readable medium storing a program for causing a computer to execute a process comprising:
     acquiring a plurality of risk analysis results, each being the result of a risk analysis performed on one of a plurality of systems;
     aggregating the acquired plurality of risk analysis results using a predetermined evaluation index; and
     presenting information on the aggregated risk analysis results to a user.
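The per-vulnerability and per-attack-route counts of Appendices 3, 4, 6, 7 and 9 (claims 3, 4, 6, 7 and 9), worked as an added example that is not the patent's code: risk analysis results from three systems are merged and aggregated by the evaluation indices the claims name. The routes, vulnerability identifiers and severity scores are constructed, and counting a route once per vulnerability even when two of its steps use the same vulnerability is an assumption.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackStep:
    source: str
    destination: str
    attack_pattern: str
    vulnerability: str


@dataclass(frozen=True)
class AttackRoute:
    """One attack route from a per-system risk analysis result: the system it
    belongs to, the risk value that analysis assigned, and its ordered steps
    from the intrusion point to the attack target."""
    system: str
    risk_value: int
    steps: tuple


# Constructed sample results for three separately analysed systems.
ROUTES = [
    AttackRoute("sysA", 5, (AttackStep("internet", "web01", "SQLi-login", "VULN-1"),
                            AttackStep("web01", "db01", "SMB-lateral", "VULN-2"))),
    AttackRoute("sysA", 3, (AttackStep("internet", "web01", "XSS-search", "VULN-3"),)),
    AttackRoute("sysB", 5, (AttackStep("internet", "web02", "SQLi-login", "VULN-1"),)),
    AttackRoute("sysB", 2, (AttackStep("vpn", "jump01", "RDP-bruteforce", "VULN-4"),
                            AttackStep("jump01", "db02", "SMB-lateral", "VULN-2"))),
    AttackRoute("sysC", 4, (AttackStep("internet", "web03", "XSS-search", "VULN-3"),
                            AttackStep("web03", "fs03", "SMB-lateral", "VULN-2"))),
]

# Constructed severity scores standing in for the vulnerability risk level.
SEVERITY = {"VULN-1": 9.8, "VULN-2": 8.1, "VULN-3": 6.1, "VULN-4": 7.5}


def select_top_vulnerabilities(routes, severity, n):
    """Appendix 4: the n most severe vulnerabilities that occur in any route."""
    seen = {step.vulnerability for route in routes for step in route.steps}
    return sorted(seen, key=lambda v: severity[v], reverse=True)[:n]


def systems_per_vulnerability(routes, vulns):
    """Appendix 3: for each selected vulnerability, how many systems have a
    route that uses it."""
    systems = defaultdict(set)
    for route in routes:
        for step in route.steps:
            if step.vulnerability in vulns:
                systems[step.vulnerability].add(route.system)
    return {v: len(systems[v]) for v in vulns}


def routes_per_vulnerability_and_system(routes, vulns):
    """Appendix 6: route count per (vulnerability, system). A route is counted
    once per vulnerability even if two of its steps use the same one."""
    counts = Counter()
    for route in routes:
        for v in {step.vulnerability for step in route.steps}:
            if v in vulns:
                counts[(v, route.system)] += 1
    return dict(counts)


def routes_per_risk_and_system(routes):
    """Appendix 7: route count per (risk value, system); the input for the
    table, bar graph or radar chart of Appendix 8."""
    return dict(Counter((route.risk_value, route.system) for route in routes))


def routes_per_attack_pattern(routes):
    """Appendix 9: for each attack pattern, the vulnerabilities it uses and the
    number of routes (across all systems) that contain it."""
    vulns = defaultdict(set)
    count = Counter()
    for route in routes:
        patterns = set()
        for step in route.steps:
            vulns[step.attack_pattern].add(step.vulnerability)
            patterns.add(step.attack_pattern)
        count.update(patterns)
    return {p: (sorted(vulns[p]), count[p]) for p in count}


if __name__ == "__main__":
    top = select_top_vulnerabilities(ROUTES, SEVERITY, 3)
    print("top vulnerabilities:", top)
    print("systems per vulnerability:", systems_per_vulnerability(ROUTES, top))
    print("routes per (vuln, system):", routes_per_vulnerability_and_system(ROUTES, top))
    print("routes per (risk, system):", routes_per_risk_and_system(ROUTES))
    print("routes per attack pattern:", routes_per_attack_pattern(ROUTES))
```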
PCT/JP2023/004353 2023-02-09 2023-02-09 Information processing device, risk visualization method, and computer readable medium WO2024166288A1 (en)


Publication number: WO2024166288A1, publication date: 2024-08-15
