Dynamic risk management response system to handle cyber threats

Appropriate response strategies against new and ongoing cyber attacks must be able to reduce risks down to acceptable levels, without sacrificing a mission for security. Existing approaches either evaluate impacts without considering missions’ negative-side effects, or are manually based on traditional risk assessments, leaving aside technical difficulties. In this paper we propose a dynamic risk management response system (DRMRS) consisting of a proactive and reactive management software aiming at evaluating threat scenarios in an automated manner, as well as anticipating the occurrence of potential attacks. We adopt a quantitative risk-aware approach that provides a comprehensive view of the threats, by considering their likelihood of success, the induced impact, the cost of the possible responses, and the negative side-effects of a response. Responses are selected and proposed to operators based on financial, operational and threat assessments. The DRMRS is applied to a real case study of a critical infrastructure with multiple threat scenarios.