An information system that is coupled to the Internet has a risk of receiving attacks from externals. In order to reduce the risk, the security of the information system is verified.
For an on-premise system in which a device and software are installed in a facility managed by a user and that is operated, a system engineer manages all of hardware, a platform, and the software and comprehensively verifies the security of the system.
For an information system that uses a cloud service, a service provider manages hardware and a platform. It is, therefore, difficult for a user to recognize the security of an environment that is used by the user.
Japanese Laid-open Patent Publication No. 2004-234401 is an example of related art.