Skip to Main Content
Different from traditional risk management, real-time risk management describes system risk dynamically. It includes three phases: risk analysis, risk evaluation and risk prediction. This paper proposes a practical framework to real-time risk management. Risk evaluation is a quantitative analysis process of system security and risk, and it is a basis of real-time risk management. This paper adopts continuous time hidden Markov model to evaluate system risk. The model evaluates system risk via the integrated analysis of system assets, threats, vulnerabilities and safety measures. Simulation results show that the model is suitable and efficient. The framework will be tested in actual network environment and improve it.