References
- Abraham, S., & Nair, S. (2015). A predictive framework for cyber security analytics using attack graphs. International Journal of Computer Networks & Communications, 7(1), 1–17. https://doi.org/10.5121/ijcnc.2015.7101
- Ahmad, R., Sahib, S., & Azuwa, M. P. (2014). Effective measurement requirements for network security management. International Journal of Computer Science and Information Security, 12(4), 1–8.
- Almuhammadi, S., & Alsaleh, M. (2017). Information security maturity model for NIST cyber security framework. Computer Science & Information Technology (CS & IT), 7(3), 51–62.
- Anderson, J. A., & Rachamadugu, V. (2008, July 7–11). Managing security and privacy integration across enterprise business process and infrastructure [Paper presentation]. IEEE International Conference on Services Computing, Honolulu, HI, USA.
- Azuwa, M. P., Ahmad, R., Sahib, S., & Shamsuddin, S. (2012). Technical security metrics model in compliance with ISO 27001 standard. International Journal of Cyber-Security and Digital Forensics, 1(4), 280–288.
- Basili, V. R., Caldiera, G., & Rombach, H. D. (1994). The goal question metric approach. Wiley and Sons, Inc.
- Bhattacharya, P., & Ghosh, S. K. (2012). Analytical framework for measuring network security using exploit dependency graph. IET Information Security, 6(4), 264–270. https://doi.org/10.1049/iet-ifs.2011.0103
- Blank, R. M., & Gallagher, P. D. (2012). Guide for conducting risk assessments, NIST special publication Ming et al., 201100-30 (pp. 800–830). National Institute of Standards and Technology.
- Breu, R., Oberperfler, F. I., & Yautsiukhin, A. (2008, March 4–7). Quantitative assessment of enterprise security system [Paper presentation]. The Third International Conference on Availability, Reliability and Security (ARES 08), Barcelona, Spain.
- Brotby, W. K. (2009). Information security management metrics. Taylor & Francis Group.
- Brotby, W. K., & Hinson, G. (2013). PRAGMATIC security metrics: Applying meta-metrics to information security. Taylor & Francis Group.
- Bunke, M., Koschke, R., & Sohr, K. (2012). Organizing security patterns related to security and pattern recognition requirements. International Journal on Advances in Security, 5(1–2), 46–67.
- Canavan, J. E. (2000). Fundamentals of network security. Artech House Telecomm.
- Cheng, Y., Deng, J., Li, J., DeLoach, S. A., Singhal, A., & Ou, X. (2014). Cyber defense and situational awareness. Springer.
- Cheng, P., Wang, L., Jajodia, S., & Singhal, A. (2012, October 8–11). Aggregating CVSS base scores for semantics-rich network security metrics [Paper presentation]. 31st IEEE International Symposium on Reliable Distributed Systems, Irvine, CA, USA.
- Cherdantseva, Y., Hilton, J., Rana, O., & Ivins, W. (2016). A multifaceted evaluation of the reference model of information assurance & security. Computers & Security, 63, 45–66. https://doi.org/10.1016/j.cose.2016.09.007
- Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., & Robinson, W. (2008). Security metrics guide for information technology systems. National Institute of Standards and Technology.
- Christopher, J. D., Muneer, F., & Fry, J. (2014). Cyber security capability maturity model (C2M2). Department of Energy (DoE).
- Dacier, M., & Deswarte, Y. (1994, November 7–9). An extension to the typed access matrix model [Paper presentation]. European Symposium on Research in Computer Security (ESORICS 94), Brighton, UK.
- de Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162–176. https://doi.org/10.1016/j.cose.2014.12.006
- Deming, W. E. (2000). Out of the crisis. MIT Press.
- Dey, A. K., & Abowd, G. D. (1999, September 27–29). Towards a better understanding of context and context-awareness [Paper presentation]. The International Symposium on Handheld and Ubiquitous Computing, Karlsruhe, Germany.
- Ding, Z., & Peng, Y. (2004, January 5–8). A probabilistic extension to ontology language OWL [Paper presentation]. 37th Annual Hawaii International Conference on System Sciences, Big Island, HI, USA.
- Ding, Z., Peng, Y., & Pan, R. (2006, June 25–29). A Bayesian approach to uncertainty modelling in OWL ontology [Paper presentation]. The International Conference on Advances in Intelligent Systems - Theory and Applications, Zakopane, Poland.
- Ding, Z., Peng, Y., & Pan, R. (2005). BayesOWL: Uncertainty modelling in semantic web ontologies. In Z. Ma (Ed.), Soft computing in ontologies and semantic web. Studies in fuzziness and soft computing (Vol. 204, pp. 3–29). Springer.
- Ding, Z., Peng, Y., Pan, R., & Yu, Y. (2005, July 9). A Bayesian methodology towards automatic ontology mapping [Paper presentation]. AAAI Workshop on Contexts and Ontologies: Theory, Practice, and Applications, Menlo Park, CA, USA.
- Dubois, É., Heymans, P., Mayer, N., & Matulevičius, R. (2010). A systematic approach to define the domain of information system security risk management. In Intentional perspectives on information systems engineering. Springer-Verlag.
- Easttom, C., & Butler, W. (2019, January 7–9). A modified McCumber cube as a basis for a taxonomy of cyber attacks [Paper presentation]. The 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.
- Falessi, N., Gavrila, R., Klejnstrup, M. R., & Moulinos, K. (2012). National cyber security strategies. ENISA.
- Feng, N., Wang, H. J., & Li, M. (2014). A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 256, 57–73. https://doi.org/10.1016/j.ins.2013.02.036
- Fenz, S. (2010, March 22–26). Ontology-based generation of IT-security metrics [Paper presentation]. The 2010 ACM Symposium on Applied Computing (SAC’10), Sierre, Switzerland.
- Fenz, S. (2012). An ontology-based approach for constructing Bayesian networks. Data & Knowledge Engineering, 73, 73–88. https://doi.org/10.1016/j.datak.2011.12.001
- Fenz, S., & Ekelhart, A. (2009, March 10–12). Formalizing information security knowledge [Paper presentation]. 4th International Symposium on Information, Computer, and Communications Security (ASIACCS’09), Sydney, Australia.
- Fenz, S., Tjoa, A. M., & Hudec, M. (2009, March 16–19). Ontology-based generation of Bayesian networks [Paper presentation]. The International Conference on Complex, Intelligent and Software Intensive Systems (CISIS’09), Fukuoka, Japan.
- FIRST. (2005). Complete CVSS v1 Guide. Forum of Incident Response and Security Teams. https://www.first.org/cvss/v1/guide
- FIRST. (2015). Common vulnerability scoring system VJaquith, 2007.0: Specification document. Forum of Incident Response and Security Teams. https://www.first.org/cvss/specification-document
- Frigault, M., Wang, L., Singhal, A., & Jajodia, S. (2008, October 27). Measuring network security using dynamic Bayesian network [Paper presentation]. The 4th ACM Workshop on Quality of Protection Pages (QoP’08), Alexandria, VA, USA.
- García, S. M., Rubio, S. M., Rosado, D. G., Fernández, E. B., & Medina, E. F. (2014). Enterprise security pattern: A new type of security pattern. Security and Communication Networks, 7(11), 1670–1690. https://doi.org/10.1002/sec.863
- GCSCC. (2014). Cyber security capability maturity model (CMM). Global Cyber Security Capacity Centre and University of Oxford.
- Guan, H., Yang, H., & Wang, J. (2016). An ontology-based approach to security pattern selection. International Journal of Automation and Computing, 13(2), 168–182. https://doi.org/10.1007/s11633-016-0950-1
- Guermah, H., Fissaa, T., Hafiddi, H., Nassar, M., & Kriouile, A. (2013. May 27–30). Context modeling and reasoning for building context aware services [Paper presentation]. ACS International Conference on Computer Systems and Applications (AICCSA), Ifrane, Morocco.
- Hallberg, J., & Lundholm, K. (2009). Information security metrics based on organizational models. Swedish Defence Research Agency.
- Hayden, L. (2010). IT security metrics: A practical framework for measuring security & protecting data. Mc Graw Hill.
- Herzog, A., Shahmehri, N., & Duma, C. (2007). An ontology of information security. International Journal of Information Security, 1(4), 1–23.
- Hlel, E., Jamoussi, S., & Hamadou, A. B. (2017). A new method for building probabilistic ontology (prob-ont). International Journal of Information Technology and Web Engineering, 12(2), 1–25.
- Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., & Ochoa, M. (2019). Insight into insiders and IT: A survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Computing Surveys, 52(2), 1–40. https://doi.org/10.1145/3303771
- Hong, J. B. (2015). Scalable and adaptable security modelling and analysis. [Unpublished doctoral dissertation]. University of Canterbury.
- Hu, B., Wang, Z.-X., & Dong, Q.-C. (2013). A novel context-aware modeling and reasoning method based on OWL. Journal of Computers, 8(4), 943–950. https://doi.org/10.4304/jcp.8.4.943-950
- Huang, R., Yan, D., & Yang, F. (2009, November 6–8). Research of security metric architecture for next generation network [Paper presentation]. The International Conference on Network Infrastructure and Digital Content (IC-NIDC’09), Beijing, China.
- Humayed, A., Lin, J., Li, F., & Luo, B. (2017). Cyber-physical systems security–A survey. IEEE Internet of Things Journal, 4(6), 1802–1831. https://doi.org/10.1109/JIOT.2017.2703172
- Husni, E., & Kurniati, Y. (2014, October 23–24). Application of mean time-to-compromise and VEA-bility security metrics in auditing computer network security [Paper presentation]. 8th International Conference on Telecommunication Systems Services and Applications (TSSA), Bali, Indonesia.
- Idika, N., & Bhargava, B. (2012). Extending attack graph-based security metrics and aggregating their application. IEEE Transactions on Dependable and Secure Computing, 9(1), 75–85. https://doi.org/10.1109/TDSC.2010.61
- Ingols, K., Lippmann, R., & Piwowarski, K. (2006, December 11–15). Practical attack graph generation for network defense [Paper presentation]. The 22nd Annual Computer Security Applications Conference (ACSAC), Miami, Fl, USA.
- IRC. (1999). National scale INFOSEC research hard problems list. INFOSEC Research Council.
- ISO. (2002). Information technology-systems security engineering-capability maturity model (SSE-CMM). International Organization for Standardization (ISO).
- ISO. (2005). Information technology-security techniques-evaluation criteria for IT security-part 1: Introduction and general model (ISO 15408-1). International Organization for Standardization (ISO).
- ISO. (2009). Information technology - Security techniques - Information security management - Measurement. International Organization for Standardization (ISO).
- ISO. (2011). Information technology - Security techniques - Information security risk management. International Organization for Standardization (ISO).
- ISO. (2012). Information technology - Security techniques - Guidelines for cybersecurity. International Organization for Standardization (ISO).
- ISO. (2013a). Information technology-security techniques-Information security management systems: Code of practice for information security controls. International Organization for Standardization.
- ISO. (2013b). Information technology-security techniques-Information security management systems: Requirements. International Organization for Standardization.
- ISO. (2014). Information technology - Security techniques - Information security management systems - Overview and vocabulary. International Organization for Standardization.
- ITU. (2003). Security architecture for systems providing end-to-end communications. International Telecommunication Union.
- ITU. (2016). Global cybersecurity index: Reference model. International Telecommunication Union.
- Jakobson, G. (2011, July 5–8). Mission cyber security situation assessment using impact dependency graphs [Paper presentation]. 14th International Conference on Information Fusion (FUSION), Chicago, IL, USA.
- Jaquith, A. (2007). Security metrics: Replacing fear, uncertainty and doubt. Addison-Wesley.
- Jhawar, R., Lounis, K., & Mauw, S. (2016, September 26–27). A stochastic framework for quantitative analysis of attack-defense trees [Paper presentation]. International Workshop on Security and Trust Management, Heraklion, Greece.
- Jouini, M., Rabai, L. B. A., & Khedri, R. (2015). A multidimensional approach towards a quantitative assessment of security threats. Procedia Computer Science, 52, 507–514. https://doi.org/10.1016/j.procs.2015.05.024
- Karokola, G., Kowalski, S., & Yngström, L. (2011, July 7–8). Towards an information security maturity model for secure e-government services: A stakeholders view [Paper presentation]. 5th International Symposium on Human Aspects of Information Security and Assurance HAISA2011 Conference, London, UK.
- Kayes, A. S. M., Han, J., & Colman, A. (2013, October 13–15). An ontology-based approach to context-aware access control for software services [Paper presentation]. The 14th International Conference on Web Information Systems Engineering, China.
- Kaynar, K., & Sivrikaya, F. (2016). Distributed attack graph generation. IEEE Transactions on Dependable and Secure Computing, 13(5), 519–532. https://doi.org/10.1109/TDSC.2015.2423682
- Kent, S., Gosler, J. R., Donner, M., Bellovin, S., Feigenbaum, J., Schneider, F., & Neumann, P. G. (2005). Hard problem list. INFOSEC Research Council.
- Keramati, M. (2017). An attack graph based method for predictive risk evaluation of zero-day attacks. International Journal of Information and Communication Technology Research, 9(3), 7–16.
- Korhonen, J. J., Yildiz, M., & Mykkänen, J. (2009, December 14–16). Governance of information security elements in service-oriented enterprise architecture [Paper presentation]. 10th International Symposium on Pervasive Systems, Algorithms, and Networks, Kaohsiung, Taiwan.
- Kotenko, I., & Doynikova, E. (2014). Evaluation of computer network security based on attack graphs and security event processing. Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 5(3), 14–29.
- Kotenko, I., Saenko, I., Polubelova, O., & Doynikova, E. (2013, September 2–6). The ontology of metrics for security evaluation and decision support in SIEM systems [Paper Presentation]. International Conference on Availability, Reliability and Security, Regensburg, Germany.
- Kreizman, G. (2011, October 4–6). An introduction to information security architecture [Paper presentation]. Gartner the Future of IT Conference, Mexico City, Mexico.
- Krummenacher, R., & Strang, T. (2007, January 21). Ontology-based context modeling [Paper presentation]. Third Workshop on Context-Aware Proactive Systems (CAPS’07), Guildford, UK.
- Lallie, H. S., Debattista, K., & Bal, J. (2018). An empirical evaluation of the effectiveness of attack graphs and fault trees in cyber-attack perception. IEEE Transactions on Information Forensics and Security, 13(5), 1110–1122. https://doi.org/10.1109/TIFS.2017.2771238
- Laverdiere, M.-A., Mourad, A., Hanna, A., & Debbabi, M. (2006, May 7–10). Security design patterns: survey and evaluation [Paper presentation]. Canadian Conference on Electrical and Computer Engineering (CCECE), Ottawa, ON, Canada.
- Lee, S.-W. (2011, June 27–29). Probabilistic risk assessment for security requirements: A preliminary study [Paper presentation]. The Fifth International Conference on Secure Software Integration and Reliability Improvement (SSIRI), Jeju Island, South Korea.
- Lippmann, R. P., Riordan, J. F., Yu, T. H., & Watson, K. K. (2012). Continuous security metrics for prevalent network threats: Introduction and first four metrics. Lincoln Laboratory, Massachusetts Institute of Technology.
- Liveri, D., & Sarri, A. (2014). An evaluation framework for national cyber security strategies. ENISA National Cyber Security Strategies.
- Lundholm, K., Hallberg, J., & Granlund, H. (2011). Design and use of information security metrics. Swedish Defense Research Agency.
- Magar, A., & Security, S. (2016). State-of-the-art in cyber threat models and methodologies. Defense Research and Development Canada.
- Mavropoulos, O., Mouratidis, H., Fish, A., Panaousis, E., & Kalloniatis, C. (2016, June 13–17). Apparatus: Reasoning about security requirements in the internet of things [Paper presentation]. The Advanced Information Systems Engineering Workshops, Ljubljana, Slovenia.
- Mavropoulos, O., Mouratidis, H., Fish, A., Panaousis, E., & Kalloniatis, C. (2017). A conceptual model to support security analysis in the internet of things. Computer Science and Information Systems, 14(2), 557–578. https://doi.org/10.2298/CSIS160110016M
- McCumber, J. (1991, October 1–4). Information systems security: a comprehensive model [Paper presentation]. 14th National Computer Security Conference, Washington, DC.
- Miehling, E., Rasouli, M., & Teneketzis, D. (2018). A POMDP approach to the dynamic defense of large-scale cyber networks. IEEE Transactions on Information Forensics and Security, 13(10), 2490–2505. https://doi.org/10.1109/TIFS.2018.2819967
- Ming, L., Wang, D., Zhang, L., Kuang, X., Tang, J., & Wang, C. (2011, October 21–23). Index system of network security and survivability [Paper presentation]. The First International Conference on Instrumentation, Measurement, Computer, Communication and Control, Biejing, China.
- Mohan, P., & Singh, M. (2015). Ontological approach for context aware modeling and reasoning in sensor networks. Internationl Journal of Computer Technology and Applications, 6(2), 244–248.
- Munoz-Gonzalez, L., Sgandurra, D., Paudice, A., & Lupu, E. C. (2017). Efficient attack graph analysis through approximate inference. ACM Transactions on Privacy and Security, 20(3), 1–31. https://doi.org/10.1145/3105760
- Nguyen, V. (2011). Ontologies and information systems: a literature survey. Defense Science and Technology Organization (DSTO).
- Niu, D.-D., Liu, L., Zhang, X., Lü, S., & Li, Z. (2016). Security analysis model, system architecture and relation model of enterprise cloud services. International Journal of Automation and Computing, 13(6), 574–584. https://doi.org/10.1007/s11633-016-1014-2
- NSTC. (2011). TrustWorthy cyberspace: Strategic plan for the federal cybersecurity research and development program. National Science and Technology Council.
- NSTC. (2014). Report on implementing the federal cybersecurity research and development strategy. National Science and Technology Council.
- NSTC. (2015). Science of security lablets progress on hard problems. National Science and Technology Council.
- NSTC. (2016). Federal cybersecurity research and development strategic plan. National Science and Technology Council.
- Othmane, L. B., Ranchal, R., Fernando, R., Bhargava, B., & Bodden, E. (2015). Incorporating attacker capabilities in risk estimation and mitigation. Computers & Security, 51, 41–61. https://doi.org/10.1016/j.cose.2015.03.001
- Ou, X., Boyer, W. F., & McQueen, M. A. (2006, October 30 to November 03). A scalable approach to attack graph generation [Paper presentation]. The 13th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, USA.
- Ouedraogo, M., Savola, R. M., Mouratidis, H., Preston, D., Khadraoui, D., & Dubois, E. (2013). Taxonomy of quality metrics for assessing assurance of security correctness. Software Quality Journal, 21(1), 67–97. https://doi.org/10.1007/s11219-011-9169-0
- Pan, R., Ding, Z., Yu, Y., & Peng, Y. (2005, November 6–10). A Bayesian network approach to ontology mapping [Paper presentation]. The 4th International Semantic Web Conference (ISWC), Galway, Ireland.
- Pendleton, M., Garcia-Lebron, R., Cho, J.-H., & Xu, S. (2017). A survey on systems security metrics. ACM Computing Surveys, 49(4), 1–35. https://doi.org/10.1145/3005714
- Peng, Y., & Ding, Z. (2005, July 26–29). Modifying Bayesian networks by probability constraints [Paper presentation]. The 21st Conference on Uncertainty in Artificial Intelligence, Edinburgh, UK.
- Pritzker, P., & May, W. (2014). Assessing security and privacy controls in federal information systems and organizations. National Institute of Standards and Technology.
- Priya, K. S. S., & Kalpana, Y. (2016). A review on context modeling techniques in context aware computing. International Journal of Engineering and Technology, 8(1), 429–433.
- Rajasooriya, S. M., Tsokos, C. P., & Kaluarachchi, P. K. (2016). Stochastic modelling of vulnerability life cycle and security risk evaluation. Journal of Information Security, 7(4), 269–279. https://doi.org/10.4236/jis.2016.74022
- Ramos, A., Lazar, M., Filho, R. H., & Rodrigues, J. J. P. C. (2017). Model-based quantitative network security metrics: A survey. IEEE Journal Communications Surveys & Tutorials, 19, 4.
- Robinson, S., Arbez, G., Birta, L. G., Tolk, A., & Wagner, G. (2015, December 6–9). Conceptual modeling: Definition, purpose and benefits [Paper presentation]. The 2015 Simulation Conference, Huntington Beach, CA, USA.
- Rosa, F. F., Bonacin, R., & Jino, M. (2017). The security assessment domain: A survey of taxonomies and ontologies. Renato Archer Information Technology Center (CTI).
- Rosa, F. F., & Jino, M. (2017). A survey of security assessment ontologies. In J. Kacprzyk (Ed.), Advances in intelligent systems and computing (569th ed., pp. 166–173). Springer International Publishing.
- Sadighian, A., Fernandez, J. M., Lemay, A., & Zargar, S. T. (2013, October 21–22). ONTIDS: A flexible context-aware and ontology-based alert correlation framework [Paper presentation]. 6th International Symposium on Foundations and Practice of Security, La Rochelle, France.
- Saeedi, S. (2013). Context-aware personal navigation services using multilevel sensor fusion algorithms [Unpublished doctoral dissertation]. University of Calgary.
- Salini, P., & Kanmani, S. (2013). Ontology-based representation of reusable security requirements for developing secure web applications. International Journal of Internet Technology and Secured Transactions, 5(1), 63–83. https://doi.org/10.1504/IJITST.2013.058295
- Savola, R. (2007, August 23–25). Towards a security metrics taxonomy for the information and communication technology industry [Paper presentation]. International Conference on Software Engineering Advances (ICSEA 2007), Cap Esterel, France.
- Savola, R. M. (2009). A security metrics taxonomization model for software-intensive systems. Journal of Information Processing Systems, 5(4), 197–206. https://doi.org/10.3745/JIPS.2009.5.4.197
- Savola, R. M. (2012, August 15–17). Strategies for security measurement objective decomposition [Paper presentation]. Information Security for South Africa (ISSA), Johannesburg, South Africa.
- Schilit, B. N., Adams, N., & Want, R. (1994, December 8–9). Context-aware computing applications [Paper presentation]. First Workshop on Mobile Computing Systems and Applications (WMCSA), Santa Cruz, CA, USA.
- Sedaghatbaf, A., & Azgomi, M. A. (2014). Attack modelling and security evaluation based on stochastic activity networks. Security and Communication Networks, 7(4), 714–737. https://doi.org/10.1002/sec.774
- Sfakianakis, A., Douligeris, C., Marinos, L., Lourenço, M., & Raghimi, O. (2019). ENISA threat landscape report 2018. ENISA.
- Shariati, M., Bahmani, F., & Shams, F. (2011). Enterprise information security, a review of architectures and frameworks from interoperability perspective. Procedia Computer Science, 3, 537–543. https://doi.org/10.1016/j.procs.2010.12.089
- Sherwood, J., Clark, A., & Lynas, D. (2009). Enterprise security architecture. SABSA Limited.
- Singhal, A., & Wijesekera, D. (2010, April 21–23). Ontologies for modeling enterprise level security metrics [Paper presentation]. The Sixth Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW’10), Oak Ridge, TN, USA.
- Souag, A., Salinesi, C., Mazo, R., & Comyn-Wattiau, I. (2015, March 4–6). A security ontology for security requirements elicitation [Paper presentation]. 7th International Symposium on Engineering Secure Software and Systems, Milan, Italy.
- Souag, A., Salinesi, C., & Wattiau, I. (2012, June 25–29). Ontologies for security requirements: A literature survey and classification [Paper presentation]. International Conference on Advanced Information Systems Engineering (CAiSE), Gdańsk, Poland.
- Strang, T., & Linnhoff-Popien, C. (2004, September 7). A context modeling survey [Paper presentation]. International Workshop on Advanced Context Modelling, Reasoning and Management, UbiComp 2004, Nottingham, England.
- Sun, J., & Chen, Y. (2008, November 20). Intelligent enterprise information security architecture based on service oriented architecture [Paper presentation]. International Seminar on Future Information Technology and Management Engineering, Leicestershire, UK.
- Sun, X., Dai, J., Liu, P., Singhal, A., & Yen, J. (2018). Using Bayesian networks for probabilistic identification of zero-day attack paths. IEEE Transactions on Information Forensics and Security, 13(10), 2506–2521. https://doi.org/10.1109/TIFS.2018.2821095
- Topcu, F. (2011). Context modeling and reasoning techniques. Department of Telecommunication Systems, Technical University of Berlin.
- Tran, H., Campos-Nanez, E., Fomin, P., & Wasek, J. (2016). Cyber resilience recovery model to combat zero-day malware attacks. Computers & Security, 61, 19–31. https://doi.org/10.1016/j.cose.2016.05.001
- Tripathi, A., & Singh, U. K. (2013). A model for quantitative security measurement and prioritization of vulnerability mitigation. International Journal of Security and Networks, 8(3), 139–153. https://doi.org/10.1504/IJSN.2013.057696
- Tsoumas, B., & Gritzalis, D. (2006, April 18–20). Towards an ontology-based security management [Paper presentation]. 20th International Conference on Advanced Information Networking and Applications, Vienna, Austria.
- Wamala, F. (2011). National cybersecurity strategy guide. ITU.
- Weiss, J. D. (1991, October 1–4). A system security engineering process [Paper presentation]. 14th National Computer Security Conference, Washington, DC.
- Wita, R., Jiamnapanon, N., & Teng-Amnuay, Y. (2010, April 2–4). An ontology for vulnerability lifecycle [Paper presentation]. Third International Symposium on Intelligent IT and Security Informatics, Jinggangshan, China.
- Wrona, K., & Gomez, L. (2006). Context-aware security and secure context-awareness in ubiquitous computing environments. Annales Universitatis Mariae Curie-Sklodowska, Sectio AI–Informatica, 4(1), 332–348.
- Xie, A., Cai, Z., Tand, C., Hu, J., & Chen, Z. (2009, December 7–11). Evaluating network security with two-layer attack graphs [Paper presentation]. The 25th Annual Computer Security Applications Conference (ACSAC), Honolulu, HI, USA.
- Xiong, W., & Lagerström, R. (2019). Threat modeling-A systematic literature review. Computers & Security Journal, 84, 53–69. https://doi.org/10.1016/j.cose.2019.03.010
- Yang, Y., Cai, Z., Wang, C., & Zhang, J. (2018). Probabilistically inferring attack ramifications using temporal dependency network. IEEE Transactions on Information Forensics and Security, 13(11), 2913–2928. https://doi.org/10.1109/TIFS.2018.2833048
- Yang, L., Hu, Z., Long, J., & Guo, T. (2011, October 24–26). 5W1H-based conceptual modeling framework for domain ontology and its application on STPO [Paper presentation]. Seventh International Conference on Semantics, Knowledge and Grids, Beijing, China.
- Yngstrom, L. (2009). Controlled information security. Department of Computer and Systems Sciences, DSV, Stockholm University and the Royal Institute of Technology.
- Yoshioka, N., Washizaki, H., & Maruyama, K. (2008). A survey on security patterns. Progress in Informatics, 5(5), 35–47. https://doi.org/10.2201/NiiPi.2008.5.5
- Yusuf, S. E., Ge, M., Hong, J. B., Kim, H. K., Kim, P., & Kim, D. S. (2016, December 8–10). Security modelling and analysis of dynamic enterprise networks [Paper presentation]. IEEE International Conference on Computer and Information Technology (CIT), Nadi, Fiji.
- Zhang, S. (2014). Quantitative risk assessment under multi-context environments [Unpublished doctoral dissertation]. Kansas State University.