The proliferation of sophisticated cyberattacks, coupled with the steady growth of information and communication technology (ICT) systems in size and complexity, provides motivation for continuous improvements in security management. For day-to-day operation, security officers and administrators need an effective response (or decision aid) system to handle ongoing cyberattacks. Effective countermeasures must minimize the risks induced by these attacks, noting that the risk is evaluated as a function of the success likelihood and the impact of an attack. In this paper, we demonstrate how to dynamically calculate the success likelihood (SL) for an ongoing attack by considering the progress of an attacker towards his objective. Afterwards, we present a response/decision aid system based on the SL metric. Finally, we present the Success Likelihood Assessment Module (SLAM), which implements and highlights the relevance of our work for real time security management. This paper focuses on the operational aspects of a security by design approach. © 2012 Alcatel-Lucent.