Apparatuses on a network may have security problems (security risks), such as vulnerabilities or threats caused by external attacks. There is a technique for examining whether there is an apparatus having such vulnerability or threat and providing a measure for the apparatus having vulnerability or threat.
An example of such a technique is disclosed in the following Patent Documents, for example. Patent Document 1 discloses a technique for calculating a risk value based on the presence or absence of vulnerability on a system to be managed and the confidentiality level of a document file present on the system to be managed and, in a case where the risk value exceeds the allowable range, providing a measure for which various costs satisfy predetermined conditions, among measures allowing the risk value to be kept within an allowable range. Patent Document 2 discloses a technique for collecting the operation log of an apparatus to be managed, determining whether or not the operation log is in line with the security policy, and, in a case where determination as a policy violation is made, taking a measure of blocking network against the apparatus.