BUSINESS RISK ANALYSIS SYSTEM AND BUSINESS RISK ANALYSIS METHOD

• Main Authors: NAKAKOJI HIROSHI, KUMAGAI YOKO, ISOBE YOSHIAKI
• Format: Patent
• Language: English; Japanese
• Published: 02.04.2024
• Subjects: CALCULATING; COMPUTING; COUNTING; DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES; PHYSICS; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR

To appropriately assess business risks resulting from problems in relation to information security.SOLUTION: Provided is a business risk analysis system having a calculation unit and a storage unit. The storage unit holds business composition information and occurrence probability assessment information. If a value indicating the occurrence probability of the realization of a threat corresponding to the actual state of business components and a value indicating the occurrence probability of exploiting vulnerability are identified based on guide words included in the occurrence probability assessment information, the calculation unit calculates an occurrence frequency of an event related to information security in the business components based on the identified values, calculates the occurrence frequency of the event in the business based on the occurrence frequency of the event in the components, and calculates a risk value of the business based on the occurrence frequency of the event and the magnitude of an impact imparted to the business by the event.SELECTED DRAWING: Figure 2 【課題】情報セキュリティ上の問題に起因する事業のリスクを適切に評価する。【解決手段】事業リスク分析システムであって、演算部と、記憶部と、を有し、記憶部は、事業構成情報と、発生確率評価情報と、を保持し、演算部は、発生確率評価情報に含まれるガイドワードに基づいて、業務の構成要素の実際の状態に対応する脅威の現実化が発生する確率を示す値及び脆弱性の利用が発生する確率を示す値が特定された場合、特定された値に基づいて、業務の構成要素において情報セキュリティに関する事象が発生する頻度を算出し、構成要素における前記事象の発生頻度に基づいて、業務における前記事象の発生頻度を算出し、事象の発生頻度と、事象が事業に与える影響の大きさと、に基づいて、業務のリスク値を算出する。【選択図】図２