Next-Generation Threat Risk Management by Integrating GenAI for Security Compliance and Controls
摘要
The increasing complexity and volume of cybersecurity threats present significant challenges for CISO function (hereafter, “CISO function”: the CISO and delegated security leadership teams such as SOC/IR, risk, compliance, and security architecture) tasked with protecting critical information infrastructure. Traditional risk assessment methods often struggle to keep pace with the rapidly evolving threat landscape, leading to potential gaps in coverage and regulatory non-compliance. To address this, this paper proposes a novel method that integrates Generative Artificial Intelligence (GenAI) into threat risk management. The proposed dual GenAI architecture, consisting of a primary risk analysis engine and an independent verification layer, demonstrated high alignment with expert evaluations in experimental testing, achieving high accuracy in certain risk scenarios. This method also reduces the risk of hallucinations and ensures compliance with evolving regulatory frameworks through a structured, prompt-driven analysis workflow. The achieved results indicate that the proposed method can significantly improve the precision of risk assessments, providing a scalable and legally defensible solution for CISO function. This work represents a substantial advancement in the integration of GenAI for critical infrastructure protection, offering a practical, data-driven alternative to conventional risk management approaches.