The content of operations is identified and an alert is generated to an operation having a high risk of information leakage.An agent monitors, for example, operations performed with respect to a dialogue displayed on a client PC. If a file is selected by an operation performed with respect to the displayed dialogue, the agent assigns an identifier indicating a source for the file to the file. If the file is sent as an attached file, the agent identifies an output destination for the attached file as well as the source for the attached file; and if the output destination for the attached file is an external Web server and the source for the attached file is a mail server, the agent generates an alert by determining that an unauthorized operation has been executed; and then sends the generated alert to a management server.