Telephony over IP has known a large scale deployment and is supported by the standardization of dedicated signalling protocols. This service is less confined than traditional telephony and is exposed to multiple security attacks. In the meantime, protection mechanisms may seriously impact on its performance. Risk management provides new opportunities for dynamically controlling the service exposure while maintaining low security costs. We propose in this paper a broad-spectrum strategy for runtime risk management in VoIP networks and services. We first analyse and model VoIP attacks based on their observability properties.We then generalize a runtime risk model capable of automatically assessing and treating risks based on dynamic safeguards. In particular, we quantify the potentiality of VoIP attacks and the induced risks with respect to their observability. We evaluate the benefits as well as the limits of our solution through an implementation prototype and an extensive set of simulations.