Apparatus and method for quantifying vulnerability of system

The present invention relates to a device for quantifying the vulnerability of a system such that a state of the system can be expressed intuitively and objectively, and a method thereof. The device for quantifying the vulnerability of a system comprises: a vulnerability calculation unit which converts each system vulnerability identification result into a vulnerability score; a target organization safety calculation unit which calculates a target organization safety score corresponding to the system on the basis of a technical field safety score and a management field safety score among vulnerability scores; a network separation status calculation unit which converts a system separation status for an intranet and external networks into a network separation score; an intermediate calculation unit which calculates an intermediate score on the basis of the target organization safety score and the network separation score; and a final score calculation unit which quantifies the vulnerability of the system by calculating a final total score of the system using the intermediate score and a simulation hacking rank.