24 October, 2019

SS04 – Special Session on Measurements for Dynamic Cyber-risk Assessment


Currently, organizations have an increasing dependence on information systems. These essential IT services are thus attractive targets for direct or unintentional attacks, and the resulting incidents can jeopardize the mission of the organization. The way for different entities to organize and make decisions on how to act towards them is performed through risk management. Risk management aims to reach a realistic knowledge about circumstances that could affect processes or services, causing damage or losses. It allows priorities and security requisites to be established to cope with those situations. For that end, risk management relies on risk analysis, that is, the process that permits identifying, studying and evaluating the potential events that could affect the objectives of an organization, as well as their consequences. Given that information systems are constantly changing, risk calculation should adapt to these changes and reflect an accurate risk estimation. Properly estimated risk analysis would provide enough information for making real-time decision-making easier when coping with intrusions, reassigning priorities, (de)activating protocols or procedures depending on risk variations and optimizing available resources in real time. However, direct relationship between information system events, cybersecurity risks and business impacts, is not clear. There are too many measurements that can be used as key risk indicators, and the complexity of the dependences is so high that research on this topic is a growing open field.


The list of possible topics includes, but is not limited to:

  • Measurements to obtain risk or impact indicators
  • Monitoring of critical operation parameters on systems and networks
  • Audit trails for impact assessment and forensics
  • Behavior definition and analysis of users, business applications, devices or channels in the information system
  • Evaluation of protection technologies performance: access control, traceability, cyphering usage, signatures, etc.
  • Monitorization of cybersecurity devices: firewalls, antimalware, endpoint protection, intrusion detection systems, data loss prevention, etc.
  • IoT devices analysis
  • Anomaly detection and classification
  • Physical vulnerabilities and weaknesses found on electronic devices and certification management
  • Management of trust in biometric recognition information
  • Credential and rights management evaluation
  • Key measurements and risk indicators in critical infrastructures: industry, health, transport, banking, etc.
  • Other case studies and real-world applications
  • Legal and societal aspects of dynamic cyber-risk assessment
  • Privacy and GDPR in dynamic cyber-risk assessment
  • Management of risk changes over time
  • Novel methods for dynamic cyber-risk assessment (differential assessment, etc)

Session Chairs

  • Inés Goicoechea, Vicomtech, (Spain)
  • Raúl Orduna, Vicomtech, (Spain)
  • Hervé Debar, Institut Mines-Telecom (IMT), (France)
  • Joaquin Garcia-Alfaro, Institut Mines-Telecom (IMT), (France)


Raúl Orduna


Paseo Mikeletegi, 57, 20009 Donostia – San Sebastián (Spain)

E-mail: rorduna@vicomtech.org