S. Amin, G. A. Schwartz & S. S. Sastry (2011):
On the interdependence of reliability and security in networked control systems.
In: Decision and Control and European Control Conference (CDC-ECC), 2011 50th IEEE Conference on.
IEEE,
pp. 4078–4083,
doi:10.1109/CDC.2011.6161527.
R. Anderson & S Fuloria (2010):
Security economics and critical national infrastructure.
In: Economics of Information Security and Privacy.
Springer,
pp. 55–66,
doi:10.1007/978-1-4419-6967-5_4.
A. Atzeni, C. Cameroni, S. Faily, J. Lyle & I Fléchais (2011):
Here's Johnny: A methodology for developing attacker personas.
In: Availability, Reliability and Security (ARES), 2011 Sixth International Conference on.
IEEE,
pp. 722–727,
doi:10.1109/ARES.2011.115.
J. F. Brenner (2013):
Eyes wide shut: The growing threat of cyber attacks on industrial control systems.
Bulletin of the atomic scientists (1974) 69(5),
pp. 15–20,
doi:10.1177/0096340213501372.
R. Dantu, P. Kolan, R. Akl & K Loper (2007):
Classification of attributes and behavior in risk management using bayesian networks.
In: Intelligence and Security Informatics, 2007 IEEE.
IEEE,
pp. 71–74,
doi:10.1109/ISI.2007.379536.
R. Dantu, P. Kolan & J Cangussu (2009):
Network risk management using attacker profiling.
Security and Communication Networks 2(1),
pp. 83–96,
doi:10.1002/sec.58.
D. Florêncio & C Herley (2013):
Where do all the attacks go?.
In: Economics of Information Security and Privacy III.
Springer,
pp. 13–33,
doi:10.1007/978-1-4614-1981-5_2.
M. Frigault, L. Wang, A. Singhal & S Jajodia (2008):
Measuring network security using dynamic bayesian network.
In: Proceedings of the 4th ACM workshop on Quality of protection.
ACM,
pp. 23–30,
doi:10.1145/1456362.1456368.
A. Giani, S. Sastry, K. H. Johansson & H Sandberg (2009):
The VIKING project: an initiative on resilient control of power networks.
In: Resilient Control Systems, 2009. ISRCS'09. 2nd International Symposium on.
IEEE,
pp. 31–35,
doi:10.1109/ISRCS.2009.5251361.
S. N. Hamilton, W. L. Miller, A. Ott & O. Saydjari (2002):
Challenges in applying game theory to the domain of information warfare.
In: 4th Information survivability workshop (ISW-2001/2002), Vancouver, Canada.
Available at http://www.au.af.mil/au/awc/awcgate/afrl/hamilton-31-08-a.pdf.
B. Johnson, J. Grossklags, N. Christin & J Chuang (2012):
Nash equilibria for weakest target security games with heterogeneous agents..
In: Game Theory for Networks.
Springer Berlin Heidelberg,
pp. 444–458,
doi:10.1007/978-3-642-30373-9_31.
I. Kotenko & M Stepashkin (2006):
Attack graph based evaluation of network security.
In: Communications and Multimedia Security.
Springer,
pp. 216–227,
doi:10.1007/11909033_20.
Z. Li, Q. Liao & A Striegel (2009):
Botnet economics: uncertainty matters.
In: Managing Information Risk and the Economics of Security.
Springer,
pp. 245–267,
doi:10.1007/978-0-387-09762-6_12.
P. Liu, W. Zang & M Yu (2005):
Incentive-based modeling and inference of attacker intent, objectives, and strategies.
ACM Transactions on Information and System Security (TISSEC) 8(1),
pp. 78–118,
doi:10.1145/1053283.1053288.
M. S. Lund, B. Solhaug & K Stolen (2011):
Model-driven risk analysis: the CORAS approach.
Springer,
doi:10.1007/978-3-642-12323-8.
S. Mauw & M Oostdijk (2006):
Foundations of attack trees.
In: Information Security and Cryptology-ICISC 2005.
Springer,
pp. 186–198,
doi:10.1007/11734727_17.
J. Merrick & G. S. Parnell (2011):
A comparative analysis of PRA and intelligent adversary methods for counterterrorism risk management.
Risk Analysis 31(9),
pp. 1488–1510,
doi:10.1111/j.1539-6924.2011.01590.x.
C. Muehrcke, E. V. Ruitenbeek, K. Keefe & W. H. Sanders (2010):
Characterizing the behavior of cyber adversaries: The means, motive, and opportunity of cyberattacks.
In: 2010 International Conference on Dependable Systems and Networks Supplemental.
IEEE/IFIP International Conference on Dependable Systems and Networks.
Available at https://www.perform.illinois.edu/Papers/USAN_papers/10VAN01.pdf.
D. K. Mulligan & F. B. Schneider (2011):
Doctrine for cybersecurity.
Daedalus 140(4),
pp. 70–92,
doi:10.1162/DAED_a_00116.
S. L. Pfleeger & R Rue (2008):
Cybersecurity economic issues: Clearing the path to good practice.
Software, IEEE 25(1),
pp. 35–42,
doi:10.1109/MS.2008.4.
David Rios Insua, J. Rios & D Banks (2009):
Adversarial risk analysis.
Journal of the American Statistical Association 104(486),
pp. 841–854,
doi:10.1198/jasa.2009.0155.
S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya & Q Wu (2010):
A survey of game theory as applied to network security.
In: System Sciences (HICSS), 2010 43rd Hawaii International Conference on.
IEEE,
pp. 1–10,
doi:10.1109/HICSS.2010.35.
J. C. Sevillano, D Rios Insua & J Rios (2012):
Adversarial risk analysis: The Somali pirates case.
Decision Analysis 9(2),
pp. 86–95,
doi:10.1287/deca.1110.0225.
C.-W. Ten, C.-C. Liu & G Manimaran (2008):
Vulnerability assessment of cybersecurity for SCADA systems.
Power Systems, IEEE Transactions on 23(4),
pp. 1836–1846,
doi:10.1109/TPWRS.2008.2002298.
R. C. Thomas, M. Antkiewicz, P. Florer, S. Widup & M Woodyard (2013):
How bad is it?–A branching activity model to estimate the impact of information security breaches,
doi:10.2139/ssrn.2233075.
P. Xie, J. H. Li, X. Ou, P. Liu & R Levy (2010):
Using Bayesian networks for cyber security analysis.
In: Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on.
IEEE,
pp. 211–220.
Available at 10.1109/DSN.2010.5544924.
B. Zhu, A. Joseph & S Sastry (2011):
A taxonomy of cyber attacks on SCADA systems.
In: Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing.
IEEE,
pp. 380–388,
doi:10.1109/iThings/CPSCom.2011.34.