Abstract
A security risk analysis will only serve its purpose if we can trust that the risk levels obtained from the analysis are correct. However, obtaining correct risk levels requires that we find correct likelihood and consequence values for the unwanted incidents identified during the analysis. This is often very hard. Moreover, the values may soon be outdated as the system under consideration or its environment changes. It is therefore desirable to be able to base estimates of risk levels on measurable indicators that are dynamically updated. In this paper we present an approach for exploiting measurable indicators in order to obtain a risk picture that is continuously or periodically updated. We also suggest dynamic notions of confidence aiming to capture to what extent we may trust the current risk picture.