Dynamic risk management architecture based on heterogeneous data sources for enhancing the cyber situational awareness in organizations.

2020 
Traditional static risk assessment and management are currently not enough in most scenarios where the cybersecurity context of an organization varies dynamically. New threats that may affect the organization can appear, suspicious activity can be detected, and so on. A static risk assessment does not take these changes into account, because it is carried out without responding to sudden changes in the context. This paper proposes a dynamic risk management system capable of reacting to those rapid changes in the context of the organization. The system collects data from different types of sensors (presence, environmental, Wi-Fi, Bluetooth, network anomaly, work climate, etc.) and detects anomalies in that data using correlation techniques. The architecture also includes a prediction module that mathematically models the attacks, using Hidden Markov Models and Bayesian networks, and tries to estimate the attacker's next step. It is also capable of automatically inferring the best response action in order to deploy the proper countermeasures against the attack.