The increasing complexity and volume of cybersecurity threats present significant challenges for CISO function (hereafter, “CISO function”: the CISO and delegated security leadership teams such as SOC/IR, risk, compliance, and security architecture) tasked with protecting critical information infrastructure. Traditional risk assessment methods often struggle to keep pace with the rapidly evolving threat landscape, leading to potential gaps in coverage and regulatory non-compliance. To address this, this paper proposes a novel method that integrates Generative Artificial Intelligence (GenAI) into threat risk management. The proposed dual GenAI architecture, consisting of a primary risk analysis engine and an independent verification layer, demonstrated high alignment with expert evaluations in experimental testing, achieving high accuracy in certain risk scenarios. This method also reduces the risk of hallucinations and ensures compliance with evolving regulatory frameworks through a structured, prompt-driven analysis workflow. The achieved results indicate that the proposed method can significantly improve the precision of risk assessments, providing a scalable and legally defensible solution for CISO function. This work represents a substantial advancement in the integration of GenAI for critical infrastructure protection, offering a practical, data-driven alternative to conventional risk management approaches.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Next-Generation Threat Risk Management by Integrating GenAI for Security Compliance and Controls

  • Šarūnas Grigaliūnas,
  • Rasa Brūzgienė,
  • Ilona Veitaitė,
  • Renata Danielienė,
  • Paulius Astromskis,
  • Živilė Nemickienė,
  • Dovilė Vengalienė,
  • Rokas Stankūnas,
  • Ieva Andrijauskaitė,
  • Ieva Šilingaitė

摘要

The increasing complexity and volume of cybersecurity threats present significant challenges for CISO function (hereafter, “CISO function”: the CISO and delegated security leadership teams such as SOC/IR, risk, compliance, and security architecture) tasked with protecting critical information infrastructure. Traditional risk assessment methods often struggle to keep pace with the rapidly evolving threat landscape, leading to potential gaps in coverage and regulatory non-compliance. To address this, this paper proposes a novel method that integrates Generative Artificial Intelligence (GenAI) into threat risk management. The proposed dual GenAI architecture, consisting of a primary risk analysis engine and an independent verification layer, demonstrated high alignment with expert evaluations in experimental testing, achieving high accuracy in certain risk scenarios. This method also reduces the risk of hallucinations and ensures compliance with evolving regulatory frameworks through a structured, prompt-driven analysis workflow. The achieved results indicate that the proposed method can significantly improve the precision of risk assessments, providing a scalable and legally defensible solution for CISO function. This work represents a substantial advancement in the integration of GenAI for critical infrastructure protection, offering a practical, data-driven alternative to conventional risk management approaches.