Cases of dynamic risk management in cybersecurity: From traditional models to GenAI
Vol 1, Issue 1, 2025
Abstract
Dynamic risk assessment and management strategies are increasingly necessary in corporate cybersecurity to keep pace with the complexity and constant change of cyberthreats. Dynamic risk assessment and management solutions help companies develop preventative cybersecurity plans, thereby addressing risks and reducing expenses. Generative Artificial Intelligence (GenAI) has recently transformed these systems by increasing capacity for real-time data analysis, enabling predictive threat modeling, and promoting proactive defense mechanisms. By incorporating cutting-edge AI models, such as neural networks and LLMs, which enable anomaly detection, dynamic event prediction, and automatic compliance reporting, GenAI enhances conventional frameworks, including NIST and ISO standards. After reviewing the integration of GenAI with conventional cybersecurity models, this work emphasizes its dual influence as a tool for both defense and possible exploitation. Through a comparative study, we investigate how these dynamic systems, enhanced with GenAI, optimize security posture and support changing cybersecurity policies.
DOI: https://doi.org/10.24294/cis11663
License URL: https://creativecommons.org/licenses/by/4.0/
This site is licensed under a Creative Commons Attribution 4.0 International License.