Risk management system for information cecurity

摘要

According to an embodiment of the present invention, provided is an information security risk management system, which comprises: a manager server performing subject analysis based on basic information received from a subject server, providing an inspection criterion for each subject in accordance with a performed subject analysis result to a subject server, and calculating countermeasures based on vulnerabilities received from the subject server; and a subject server analyzing vulnerabilities in response to the inspection criterion, calculating the risk based on the analyzed vulnerabilities, requesting countermeasures to the manager server in order of an asset item at the high level of the risk, and receiving and applying the countermeasure from the manager server.