Abstract. IP telephony is less conned than traditional PSTN telephony. As a consequence, it is more exposed to security attacks. These attacks are specic to VoIP protocols such as SPIT, or are inherited from the IP layer such as SYN flooding. Protection mechanisms are often available, but they may seriously impact on the quality of service of such critical environments. We propose to exploit and automate risk management methods and techniques for VoIP infrastructures. Our objective is to dynamically adapt the exposure of a VoIP network with regard to the attack potentiality while minimizing the impact for the service. This paper describes the challenges of risk management for VoIP, our runtime strategy for assessing and treating risks, preliminary results and future work.