Thesis defended

Use of a contextual security policy for intrusion response

Author: Yohann Thomas
Supervisor: Frédéric Cuppens
Type: Doctoral thesis
Discipline(s): Computer science
Date: Defended in 2007
Institution(s): Télécom Bretagne

Abstract

We present in this thesis a novel approach to automated threat response. The emergence of SIM (Security Information Management) platforms, together with recent advances in the field of intrusion detection, raises the question of how to respond to the threats such tools report. Until now, response has mainly been left to the initiative of the security officer. Because of the complexity of the analysis, such manual response suffers from a lack of reactivity and possibly of relevance. We propose to replace the security officer with a component in charge of assessing threats from the alerts reported by security monitoring tools, and responsible for deciding which countermeasures are suitable. The core of our proposal relies on a contextual security policy, which is instantiated according to the current context. Beyond traditional operational requirements, the policy includes reaction and minimal requirements. The reaction policy deals with threat contexts, which are activated on the basis of alerts, so that new policy instances (permissions or prohibitions) may be deployed according to the threat. The minimal policy guarantees requirements that must always be ensured, even under threat. The corresponding architecture of a threat response system is provided, and the use of Or-BAC to model reaction and minimal requirements is discussed, to allow fine-grained and suitable countermeasures. Our approach establishes the missing connection between security policies and security monitoring (IDS). This results in a continuous assessment of the best compromise between multiple adjustment variables, including security, but also other requirements such as performance, convenience and business constraints.