Information systems concentrate invaluable resources, generally composed of the computers, and servers that process the data of an organisation. They constitute an increasingly attractive target for attackers. Given the number and complexity of attacks, security teams need to focus their actions on the most important attacks, in order to select the most efficient security controls. Because of the threat posed by advanced multi-step attacks, it is difficult for security operators to fully defend against all vulnerabilities when deploying countermeasures. Deploying intrusion detection sensors to monitor attacks exploiting residual vulnerabilities is not sufficient and new tools are needed to assess the risk associated with the security events produced by these sensors.
In this PhD thesis, we build a complete framework for static and dynamic risk assessment, leveraging prior knowledge on the information system (e.g., network topology, vulnerabilities, etc.) and dynamic events (e.g., intrusion alerts, attack detection, etc.), to propose responses to prevent future attacks.
View comments .