Holistic Cyber Risk Assessment in the Cloud Continuum: A Multi-Layer, Multi-Domain Approach / Gatti, Gabriele; Valero, José María Jorquera; Pérez, Manuel Gil; Basile, Cataldo. - In: IEEE ACCESS. - ISSN 2169-3536. - 13:(2025), pp. 180593-180612. [10.1109/access.2025.3622915]
Holistic Cyber Risk Assessment in the Cloud Continuum: A Multi-Layer, Multi-Domain Approach
Gatti, Gabriele; Basile, Cataldo
2025
Abstract
The increasing complexity of modern information technology infrastructures poses new challenges for cyber risk assessment, especially when the boundaries of resources and computing extend across multiple administrative domains and heterogeneous environments, such as those found in the cloud continuum. Traditional frameworks fall short in these dynamic, multi-domain contexts. In this work, we propose a holistic approach that combines trust assessment through continuous monitoring of platform health indicators and service-level security assessment into a comprehensive cyber risk model for quantitative scoring. Our framework leverages a multi-layer architecture featuring automated data collection, semantic enrichment, and advanced risk metrics. It supports intra- and inter-layer anomaly detection and is validated on an experimental, cloud continuum-like deployment spanning multiple administrative domains and mixing physical and virtual environments. Results show that our method outperforms isolated approaches, offering enhanced detection, contextual explanation of threats, and improved risk visibility across the cloud continuum.

| File | Size | Format |
|---|---|---|
| Holistic_Cyber_Risk_Assessment_in_the_Cloud_Continuum_A_Multi-Layer_Multi-Domain_Approach.pdf (open access; Type: 2a Post-print publisher's version / Version of Record; License: Creative Commons) | 2.52 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/3004472
