
arxiv: 2503.15626 · v3 · submitted 2025-03-19 · 💻 cs.SE

A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues

Pith reviewed 2026-05-22 23:02 UTC · model grok-4.3

classification 💻 cs.SE
keywords: security controls, game theory, zero-sum game, control dependencies, ITSG-33, cybersecurity, risk management, catalogue selection

The pith

Security control selection from large catalogues is modeled as a two-person zero-sum game whose valid moves are generated by algebraic rules that enforce control dependencies.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that framing the choice of security controls as a zero-sum game between defender and attacker, with feasible combinations produced by an algebraic check on dependencies, yields a practical method for staying inside budget while matching expected threats. A reader would care because standardized catalogues like ITSG-33 contain hundreds of controls whose interactions make exhaustive search impossible, yet picking the wrong subset leaves critical assets exposed. The authors demonstrate the method on a fictional military system and report that the computation remains tractable, allowing analysts to obtain ranked control sets that respect both effectiveness and cost.

Core claim

The control selection problem is set up as a two-person zero-sum one-shot game in which the defender's pure strategies are the valid combinations generated by an algebraic formalism that accounts for dependencies among controls; payoffs are derived from attacker profiles and a fixed budget. When the game is solved on Canada's ITSG-33 catalogue for a representative military system, the resulting equilibrium supplies a concrete, scalable recommendation for which controls to implement.

What carries the argument

Two-person zero-sum one-shot game whose strategy space is restricted to algebraically validated control combinations.

If this is right

  • The method scales to catalogues the size of ITSG-33 and produces usable recommendations for systems of realistic size.
  • Security analysts obtain an explicit, auditable mapping from attacker profiles and budget to a ranked list of control combinations.
  • Dependencies among controls are enforced automatically, eliminating the need for manual enumeration of incompatible sets.
  • The one-shot zero-sum formulation directly incorporates effectiveness against profiled threats rather than relying on generic risk scores.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same algebraic generator could be reused with different payoff matrices if new threat intelligence becomes available, without rebuilding the entire catalogue representation.
  • Because the game is solved once per profile-budget pair, repeated runs for scenario planning become feasible once the valid-combination generator has been executed.
  • Extending the model to allow mixed strategies would produce probabilistic recommendations that might better reflect uncertainty in attacker behavior.

Load-bearing premise

Attacker profiles can be written down in advance with enough accuracy that the resulting payoffs are meaningful, and the algebraic rules correctly capture every relevant dependency so that only feasible sets enter the game.

What would settle it

Apply the same game model and algebraic generator to the military-system case study and observe that either the computed control sets exceed the stated budget or fail to reduce the modeled attack success probability below the level achieved by an expert-chosen baseline set.

Figures

Figures reproduced from arXiv: 2503.15626 by Dylan Léveillé, Jason Jaskolka.

Figure 1: An overview of the game-theoretic approach for security control selection. (Accompanying text: a control is applicable to a system if it could provide any form of protection from the threats to the assets of the system; a list of threats and assets is assumed to be available to the security analyst in the form of a threat model.)
Figure 2: Finding the suggested controls for an attacker profile with multiple ordered attacker objectives. (In the example there are initially eight valid security control combinations, each with a unique set of controls; the system has two assets, a Sensor and an Actuator, and the attacker profile has two ordered attacker objectives.)
Figure 3: Overview of CSAT's design and functionality.
Figure 4: An example of a filled CSAT control specification file. (Accompanying text: CSAT is a Python-based web tool accessed through a web browser; the control specification file is passed into the file picker on the initial page, parsed with pandas [Num24] and stored internally, after which the budget and attacker profile are entered.)
Figure 5: The CSAT user interface before the suggested controls are found; attacker objectives are managed with the "Add Attacker Objectives" and "Remove Attacker Objectives" buttons. (In this figure the budget is 20 and the attacker profile has two ordered attacker objectives: the first targets the confidentiality and integrity of Asset1 and the confidentiality of Asset2 equally, and the second targets the availabi… [truncated at source].)
Figure 6: A visualization of the logic used by CSAT to find the suggested control combinations. (The filtering step is repeated for each ordered attacker objective until no ordered attacker objectives remain.)
Figure 7: Excerpt of a CSAT report. (CSAT resolves ties in the results by selecting the combinations with the lowest cost; cases with identical results are printed sequentially.)
Figure 8: An overview of the Ravenclaw system architecture. (Ravenclaw is a Canadian government system, so the analyst selects controls from the ITSG-33 control catalogue, the standard catalogue for Canadian security practitioners; to comply with departmental requirements, the organization mandated that certain controls be present in the system.)
Original abstract

Selecting the combination of security controls that will most effectively protect a system's assets is a difficult task. If the wrong controls are selected, the system may be left vulnerable to cyber-attacks that can impact the confidentiality, integrity, and availability of critical data and services. In practical settings, as standardized control catalogues can be quite large, it is not possible to select and implement every control possible. Instead, considerations, such as budget, effectiveness, and dependencies among various controls, must be considered to choose a combination of security controls that best achieve a set of system security objectives. In this paper, we present a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. Using a software tool, we apply the approach on a fictional Canadian military system with Canada's standardized control catalogue, ITSG-33. Through this case study, we demonstrate the approach's scalability to assist in selecting an effective set of security controls for large systems. The results illustrate how a security analyst can use the proposed approach and supporting tool to guide and support decision-making in the control selection activity when developing secure systems of all sizes.
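To make the setup in the abstract concrete, the following Python toy is an added worked example; it is not code from the paper or from the CSAT tool. It assumes a small constructed catalogue of five controls, a simple "requires" closure standing in for the paper's algebraic dependency rule, and a payoff model of my own (the defender loses the weight of the most valuable security objective the attacker can reach unprotected, and the attacker gains exactly that, so the game is zero-sum). The defender's pure strategies are the valid combinations within budget; ordered attacker objectives are applied one after another as in Figures 2 and 6, and remaining ties go to the cheapest combination as in Figure 7.

```python
from itertools import combinations

# Constructed toy catalogue (not ITSG-33 data). Each control carries a cost,
# the controls it depends on, and the (asset, security objective) pairs it
# protects, with C/I/A for confidentiality, integrity and availability.
CATALOGUE = {
    "c1_access_policy": {"cost": 4, "requires": [],
                         "protects": {("Sensor", "C"), ("Sensor", "I")}},
    "c2_account_mgmt":  {"cost": 5, "requires": ["c1_access_policy"],
                         "protects": {("Actuator", "C"), ("Actuator", "I")}},
    "c3_audit_logging": {"cost": 3, "requires": [],
                         "protects": {("Sensor", "I"), ("Actuator", "I")}},
    "c4_backup":        {"cost": 6, "requires": [],
                         "protects": {("Sensor", "A"), ("Actuator", "A")}},
    "c5_failover":      {"cost": 2, "requires": ["c4_backup"],
                         "protects": {("Actuator", "A")}},
}


def total_cost(combo, catalogue):
    return sum(catalogue[c]["cost"] for c in combo)


def is_valid(combo, catalogue, budget):
    """Dependency check standing in for the paper's algebraic rule (assumption):
    a combination is valid only if every control it depends on is also selected
    and the total cost does not exceed the budget."""
    chosen = set(combo)
    closed = all(set(catalogue[c]["requires"]) <= chosen for c in chosen)
    return closed and total_cost(chosen, catalogue) <= budget


def valid_combinations(catalogue, budget):
    """Enumerate every non-empty subset and keep the valid ones; these are the
    defender's pure strategies. Brute force is fine for five controls; making
    this step tractable at catalogue scale is what the paper's generator is for."""
    names = sorted(catalogue)
    return [frozenset(combo)
            for r in range(1, len(names) + 1)
            for combo in combinations(names, r)
            if is_valid(combo, catalogue, budget)]


def coverage(combo, catalogue):
    """Union of the (asset, objective) pairs protected by a combination."""
    protected = set()
    for c in combo:
        protected |= catalogue[c]["protects"]
    return protected


def defender_payoff(combo, target, weight, catalogue):
    """Payoff to the defender when the attacker goes after `target` (assumed
    payoff model): 0 if the combination protects it, otherwise minus the
    target's weight. The attacker gains exactly what the defender loses."""
    return 0 if target in coverage(combo, catalogue) else -weight


def game_value(combo, objective, catalogue):
    """Value the defender can guarantee with `combo` against one attacker
    objective (a dict target -> weight): the attacker, as minimiser, picks
    the most valuable unprotected target."""
    return min(defender_payoff(combo, t, w, catalogue) for t, w in objective.items())


def suggest_controls(catalogue, budget, profile):
    """Solve the one-shot game for an ordered attacker profile: keep the
    maximin-optimal combinations for the first objective, break ties with the
    second, and so on; remaining ties go to the cheapest combinations."""
    candidates = valid_combinations(catalogue, budget)
    for objective in profile:
        best = max(game_value(s, objective, catalogue) for s in candidates)
        candidates = [s for s in candidates
                      if game_value(s, objective, catalogue) == best]
    cheapest = min(total_cost(s, catalogue) for s in candidates)
    return sorted(sorted(s) for s in candidates
                  if total_cost(s, catalogue) == cheapest)


# Constructed attacker profile with two ordered objectives, in the style of
# Figure 5: the first targets three security objectives equally, the second
# the availability of the Actuator.
PROFILE = [
    {("Sensor", "C"): 1, ("Sensor", "I"): 1, ("Actuator", "C"): 1},
    {("Actuator", "A"): 2},
]

if __name__ == "__main__":
    strategies = valid_combinations(CATALOGUE, budget=12)
    print(f"{len(strategies)} valid combinations within budget 12")
    for combo in suggest_controls(CATALOGUE, 12, PROFILE):
        print("suggested:", combo, "cost", total_cost(combo, CATALOGUE))
```

With budget 12 the dependency and cost checks leave 11 of the 31 non-empty subsets as defender strategies; only the two containing both c1 and c2 cover every target of the first objective, neither covers the second, and the cost tie-break returns the cheaper of the two. The point of the enumeration step is also its weakness: it is exponential in the catalogue size, which is exactly the bottleneck the referee asks the authors to quantify for ITSG-33.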

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The manuscript presents a game-theoretic approach for selecting security controls from standardized catalogues such as ITSG-33. The control selection problem is formulated as a two-person zero-sum one-shot game whose strategy space is restricted to valid combinations generated by an algebraic formalism that encodes dependencies among controls. A case study applying the method (via a supporting software tool) to a fictional Canadian military system is used to illustrate scalability for large systems.

Significance. If the algebraic generator produces a tractable strategy space and the zero-sum equilibrium can be computed at catalogue scale, the work supplies a concrete, inspectable decision-support procedure that incorporates exogenous attacker profiles and a budget constraint. The explicit separation of modeling inputs from the game solution is a methodological strength.

major comments (1)
  1. [Abstract] Abstract and case-study description: the central claim that the approach demonstrates scalability rests on a case study whose quantitative outcomes (run-time, size of the filtered strategy space, equilibrium computation cost, or comparison to any baseline) are not reported. Without these metrics the scalability assertion cannot be evaluated.
minor comments (1)
  1. The abstract would be strengthened by a single sentence stating the catalogue size, number of valid combinations retained by the algebraic filter, and wall-clock time for the game solution.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive feedback. The single major comment identifies a clear gap in the presentation of quantitative evidence for the scalability claim, which we will address directly in revision.

Point-by-point responses
  1. Referee: [Abstract] Abstract and case-study description: the central claim that the approach demonstrates scalability rests on a case study whose quantitative outcomes (run-time, size of the filtered strategy space, equilibrium computation cost, or comparison to any baseline) are not reported. Without these metrics the scalability assertion cannot be evaluated.

    Authors: We agree that the current manuscript does not report the requested quantitative metrics. The abstract and case-study section assert scalability on the basis of applying the algebraic generator and zero-sum solver to the ITSG-33 catalogue for a fictional military system, yet they omit concrete figures for filtered strategy-space cardinality, solver run-times, equilibrium computation cost, or baseline comparisons. In the revised version we will insert these metrics (drawn from the experiments already performed with the supporting tool) into both the abstract and the case-study section, together with a brief description of the experimental platform, so that the scalability claim can be evaluated on the basis of explicit data.

    revision: yes

Circularity Check

0 steps flagged

No significant circularity

Full rationale

The paper presents a modeling construction: a zero-sum game whose strategy space is filtered by an algebraic closure over control dependencies, then solved on an exogenous ITSG-33 instance with supplied attacker profiles and budget. No equation or result is shown to reduce by construction to a fitted parameter, self-citation chain, or renamed input; the algebraic generator and game solution are presented as a computational filter whose outputs are inspected rather than claimed to be derived from first principles. The central claim of scalability is demonstrated by direct application to a large catalogue, with all load-bearing inputs treated as analyst-supplied rather than internally generated. This is a self-contained engineering proposal with no load-bearing self-citation or definitional loop.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 0 invented entities

The model treats attacker profiles and budget as exogenous inputs. The algebraic formalism is presented as a given method for encoding dependencies. No new physical or mathematical entities are introduced.

free parameters (2)
  • attacker profiles
    Expected attacker behaviors used to define the payoff matrix of the zero-sum game; chosen or estimated outside the derivation.
  • budget constraint
    Fixed limit on total control cost that restricts the feasible strategy space.
axioms (2)
  • domain assumption: The interaction between defender and attacker can be accurately represented as a one-shot zero-sum game with known payoff structure.
    Invoked when the control selection problem is set up as a two-person zero-sum game.
  • domain assumption: An algebraic formalism exists that correctly captures all relevant dependencies among controls in the catalogue.
    Used to generate only valid control combinations.

pith-pipeline@v0.9.0 · 5768 in / 1572 out tokens · 116663 ms · 2026-05-22T23:02:40.651643+00:00 · methodology


