This Article 
 Bibliographic References 
 Add to: 
Cybersecurity Strategies: The QuERIES Methodology
August 2008 (vol. 41 no. 8)
pp. 20-26
Lawrence Carin, Duke University
George Cybenko, Dartmouth College
Jeff Hughes, Air Force Research Laboratory
QuERIES offers a novel multidisciplinary approach to quantifying risk associated with security technologies resulting in investment-efficient cybersecurity strategies.

1. W.H. Sanders et al., "Measuring Critical Infrastructure Security," I3P Challenge Description, 2006;
2. S.J. Russell and P. Norvig, Artificial Intelligence: A Modern Approach, 2nd ed., Prentice Hall, 2002.
3. J. Wolfers and E. Zitzewitz, "Prediction Markets," J. Economic Perspectives, vol. 18, no. 2, 2004, pp. 107–126.
4. D. Geer, K.S. Hoo, and A. Jaquith, "Why the Future Belongs to the Quants," IEEE Security and Privacy, vol. 1, no. 4, 2003, pp. 24–32.
5. L. Carin, G. Cybenko, and J. Hughes, "Quantitative Evaluation of Risk for Investment Efficient Strategies in Cybersecurity: The QuERIES Methodology," Dartmouth Computer Science Technical Report, 2008.
6. K. Catterjee and W.F. Samuelson, Game Theory and Business Applications, Springer, 2001.
7. O. Sheyner et al., "Automated Generation and Analysis of Attack Graphs," Proc. IEEE Symp. Security and Privacy, IEEE Press, 2002, pp. 273–284.
8. J. Surowiecki, The Wisdom of Crowds, Random House, 2004.
9. R. Hanson, "Combinatorial Information Market Design," Information System Frontiers 5, 2003. pp. 107–119.
10. P. Chalasani et al., "A Refined Binomial Lattice for Pricing American Asian Options," Rev. of Derivatives Research, vol. 3, no. 1, 1999, pp. 85–105.

Index Terms:
cybersecurity, risk assessment, game theory, IP protection
Lawrence Carin, George Cybenko, Jeff Hughes, "Cybersecurity Strategies: The QuERIES Methodology," Computer, vol. 41, no. 8, pp. 20-26, Aug. 2008, doi:10.1109/MC.2008.295
Usage of this product signifies your acceptance of the Terms of Use.