The paper considers the issue of countermeasures selection for ongoing computer network attacks. The suggested technique is based on the countermeasure model that was defined on the base of the open standards, the family of interrelated security metrics and the security analysis technique based on attack graphs and service dependencies. The technique was implemented in a security assessment and countermeasure selection system. This technique was validated on case studies. It is applicable for security information and event management systems.