A risk value is calculated to suit the state and environment of an analysis target system by presenting data for determining whether or not a calculated risk is correct, and by presenting the portions where parameters are to be changed, such as weights related to a threat, a vulnerability and a measure contained in the risk model. A risk model correcting system includes: a risk model storage section that stores, as a risk model, a correspondence relationship between the threats constituting a risk and a measure for each threat, and parameters including their weights; an information collecting section that collects data of the analysis target system; an influence degree calculating section that calculates an influence degree of the existence or non-existence of the measure on a result of the calculation of the risk value; a risk analyzing section that performs a risk analysis on the analysis target system; and a reason presenting section that presents a reason for the risk calculation by presenting the influence degree calculated by the risk degree calculating section.