Information processing device, information processing method, and information processing computer program product

What is claimed is: 1 . An information processing device, comprising: one or more hardware processors configured to: acquire a resilience requirement for a target system including a plurality of nodes in communication via a network; generate a plurality of action sets for which at least one of a type of an action and a number of actions for resilience is different, each action set comprising one or more security actions to be performed against cyberattacks on the target system, the one or more security actions being selected from a cyber resilience catalog including one or more of firewall, anti-virus, Security Operations Center (SOC), backup or restore, fallback, and duplication; calculate, for each of the plurality of action sets, a resilience indicator of the target system to which an action set is applied, based on resilience parameters representing improvement degrees of resilience items; select, as resilience design information, the action set satisfying the resilience requirement among the plurality of action sets, based on the resilience indicator; generate a code to implement the action set represented by the resilience design information by generating Infrastructure as Code (IaC) for the action set; and implement the action set in the target system by applying the generated code to facilitate an optimum resilience design information for the target system, wherein the resilience items include at least one of an attack success rate, an operation function, or a stop period, the resilience indicator is calculated using an integrated value of a function stop rate and the attack success rate within a return time, the function stop rate represents a proportion of functions in the target system that are stopped at a given time, and is defined as 1 minus a function operation rate, and the function operation rate is defined as a proportion of functions in the target system that are operating at a given time, expressed as a value between 0 and 1, with 1 indicating all functions are operating and 0 indicating all functions are stopped. 2 . The information processing device of claim 1 , wherein the one or more hardware processors are further configured to: acquire system constraint information representing a constraint requirement level required for each constraint item for the target system; calculate, for each action set, a score representing a sufficiency degree of a constraint requirement for each constraint item in accordance with an influence parameter representing an influence degree, other than the resilience, occurring to the target system in a case where the action is introduced in the target system, and the acquired constraint requirement level for each constraint item; calculate a constraint sufficiency score representing a sufficiency degree of a constraint represented by the system constraint information for each action set using the score; and select the action set for which the resilience indicator satisfies the resilience requirement and the constraint sufficiency score satisfies a predetermined condition, as the resilience design information. 3 . The information processing device of claim 1 , wherein the one or more hardware processors are further configured to output the resilience design information. 4 . The information processing device of claim 1 , wherein the one or more hardware processors are further configured to: acquire system configuration information concerning a plurality of nodes included in the target system and a flow of data between the nodes; and classify the nodes included in the target system into a plurality of groups with a similar resilience requirement, based on the resilience requirement for each of the nodes included in the target system; calculate the resilience indicator of each of the action sets for each of the groups; and select, as the resilience design information of each of the groups, the action set satisfying the resilience requirement among the action sets, based on the resilience indicator calculated for each of the action sets, for each of the groups. 5 . The information processing device of claim 4 , wherein the one or more hardware processors are configured to classify the nodes included in the target system into the groups such that an attack surface is minimized, based on the system configuration information. 6 . An information processing method implemented by a computer, the method comprising: acquiring a resilience requirement for a target system including a plurality of nodes in communication via a network; generating a plurality of action sets for which at least one of a type of an action and a number of actions for resilience is different, each action set comprising one or more security actions to be performed against cyberattacks on the target system, the one or more security actions being selected from a cyber resilience catalog including one or more of firewall, anti-virus, Security Operations Center (SOC), backup or restore, fallback, and duplication; calculating, for each of the plurality of action sets, a resilience indicator of the target system to which an action set is applied, based on resilience parameters representing improvement degrees of resilience items; selecting, as resilience design information, the action set satisfying the resilience requirement among the plurality of action sets, based on the resilience indicator; generating a code to implement the action set represented by the resilience design information by generating Infrastructure as Code (IaC) for the action set; and implementing the action set in the target system by applying the generated code to facilitate an optimum resilience design information for the target system, wherein the resilience items include at least one of an attack success rate, an operation function, or a stop period, the resilience indicator is calculated using an integrated value of a function stop rate and the attack success rate within a return time, the function stop rate represents a proportion of functions in the target system that are stopped at a given time, and is defined as 1 minus a function operation rate, and the function operation rate is defined as a proportion of functions in the target system that are operating at a given time, expressed as a value between 0 and 1, with 1 indicating all functions are operating and 0 indicating all functions are stopped. 7 . An information processing program product having a non-transitory computer readable medium including programmed instructions, wherein the instructions, when executed by a computer, cause the computer to execute: acquiring a resilience requirement for a target system including a plurality of nodes in communication via a network; generating a plurality of action sets for which at least one of a type of an action and a number of actions for resilience is different, each action set comprising one or more security actions to be performed against cyberattacks on the target system, the one or more security actions being selected from a cyber resilience catalog including one or more of firewall, anti-virus, Security Operations Center (SOC), backup or restore, fallback, and duplication; calculate, for each of the plurality of action sets, a resilience indicator of the target system to which an action set is applied, based on resilience parameters representing improvement degrees of resilience items; selecting, as resilience design information, the action set satisfying the resilience requirement among the plurality of action sets, based on the resilience indicator; generate a code to implement the action set represented by the resilience design information by generating Infrastructure as Code (IaC) for the action set; and implement the action set in the