References
- Achen, C. H., and D. Snidal. 1989. “Rational Deterrence Theory and Comparative Case Studies.” World Politics: A Quarterly Journal of International Relations 41(2): 143–169.
- Campbell, J., M. O'Hanlon, and J. Shapiro. 2009. “How to Measure the War.” Policy Review 157: 15.
- Cheng, Y., J. Deng, J. Li, S. A. DeLoach, A. Singhal, and X. Ou. 2014. “Metrics of Security.” In Cyber Defense and Situational Awareness, edited by A. Kott, C. Wang, and R. Erbacher, 263–295. Cham: Springer.
- Cheng, P., L. Wang, S. Jajodia, and A. Singhal. 2012. Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics. IEEE 31st Symposium on Reliable Distributed Systems, 31-40. doi:10.1109/SRDS.2012.4. https://ieeexplore.ieee.org/document/6424837.
- Clancy, J., and C. Crossett. 2007. “Measuring Effectiveness in Irregular Warfare.” The US Army War College Quarterly: Parameters 37 (2): 3.
- Dempsey, K., N. S. Chawla, A. Johnson, R. Johnson, A. C. Jones, A. Orebaugh, M. School, and K. Stine. 2011. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. Gaithersburg, MD: NIST Special Publication. 800-137. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf.
- Denning, D. E. 2015. “Assessing Cyber War.” In Assessing War: The Challenge of Measuring Success and Failure, edited by L. Blanken, H. Rothstein, and J. Lepore, 266–284. Washington, DC: Georgetown University Press.
- Esty, D. C., J. A. Goldstone, T. R. Gurr, B. Harff, M. Levy, G. D. Dabelko, P. T. Surko, and A. N. Unger. 1999. State Failure Task Force Report: Phase II Findings. Environmental Change & Security Project Report. Summer Issue Volume 5. https://www.wilsoncenter.org/sites/default/files/media/documents/event/Phase2.pdf.
- Flater, D. 2018. “Bad Security Metrics: The Problem and its SOLUTION.” IT Professional (IEEE, January 4. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=924554; https://www.nist.gov/publications/bad-security-metrics-problem-and-its-solution.
- Gueye, A., and P. Mell. 2021. “A Historical and Statistical Study of the Software Vulnerability Landscape.” The Seventh International Conference on Advances and Trends in Software Engineering. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929964; https://www.nist.gov/publications/historical-and-statistical-study-software-vulnerability-landscape.
- Healey, J., and N. Jenkins. 2019. “Rough-and-Ready: A Policy Framework to Determine if Cyber Deterrence is Working or Failing.” Paper presented to the 11th International Conference on Cyber Conflict: Silent Battle, Tallinn, May 28-31. https://ccdcoe.org/uploads/2019/06/Art_07_Rough-and-Ready.pdf.
- Hoffman, F. G., and G. A. Crowther. 2015. “Strategic Assessment and Adaptation: The Surges in Iraq and Afghanistan.” In Lessons Encountered: Learning From the Long War, edited by Richard D. Hooker, and Joseph J. Collins, 89–163. Washington, DC.
- Jansen, W. 2009. Directions in Security Metrics Research. NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, doi:10.6028/NIST.IR.7564; https://www.nist.gov/publications/directions-security-metrics-research.
- Jardine, E. 2017. “Sometimes Three Rights Really Do Make a Wrong: Measuring Cybersecurity and Simpson’s Paradox.” Paper presented to the 16th Annual Workshop on the Economics of Information Security, La Jolla, June 26-27. https://weis2017.econinfosec.org/wpcontent/uploads/sites/3/2017/07/WEIS_2017_paper_18.pdf.
- Jervis, R. 1970. The Logic of Images in International Relations. Princeton, NJ: Princeton University Press.
- Kuehn, J. T. 2010. “The General Board and Naval Arms Limitation: 1922–1937.” The Journal of Military History 74: 523–556.
- Lennon, E. 2003. “IT Security Metrics (ITL Bulletin).” National Institute of Standards and Technology, August 4. https://www.nist.gov/publications/it-security-metrics-itl-bulletin.
- Leverett, ÉP. 2011. “Quantitatively Assessing and Visualising Industrial System Attack Surfaces.” MPhil diss., University of Cambridge.
- Leverett, É, and A. Kaplan. 2017. “Towards Estimating the Untapped Potential: a Global Malicious DDoS Mean Capacity Estimate.” Journal of Cyber Policy 2 (2): 195–208. doi:10.1080/23738871.2017.1362020.
- Lynn-Jones, S. M. 1995. “Offense-Defense Theory and its Critics.” Security Studies 4 (4): 660–691.
- Mandiant, F. 2021. M-Trends 2021: Fireeye Mandiant Services Special Report.
- Maschmeyer, L., R. J. Deibert, and J. R. Lindsay. 2020. “A Tale of Two Cybers: How Threat Reporting by Cybersecurity Firms Systematically Underrepresents Threats to Civil Society.” Journal of Information Technology & Politics 18 (1): 1–20.
- Mell, P., and A. Gueye. 2020. A Suite of Metrics for Calculating the Most Significant Security Relevant Software Flaw Types. COMPSAC. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929586.
- Montgomery, M., B. Jensen, E. D. Borghard, J. Costello, V. Cornfeld, C. Simpson, and B. Valeriano. 2020. Cyberspace Solarium Commission Report. Washington, DC: US Cyberspace Solarium Commission.
- Nakasone, P. M. 2019. “A Cyber Force For Persistent Operations.” Jt. Force Q 92: 10–14.
- Neugent, W., J. Gilligan, L. Hoffman, and Z. G. Ruthberg. 1985. Technology Assessment: Methods for Measuring the Level of Computer Security. Special Publication (NIST SP), National Institute of Standards and Technology. doi:10.6028/NBS.SP.500-; https://www.nist.gov/publications/technology-assessment-methods-measuring-level-computer-security.
- Nextgov. 2020. “Measuring What Matters: Enhancing Cybersecurity with Metrics.” YouTube, July 7. https://www.youtube.com/watch?v=qH54zA477JE&t=1015s.
- Quackenbush, S. L. 2017. “Empirical Analyses of Deterrence.” Oxford Research Encyclopedia of Politics.
- Ragin, C. C. 2014. The Comparative Method: Moving Beyond Qualitative and Quantitative Strategies. Berkeley, California: University of California Press.
- Ratnam, G. 2021. “SolarWinds Hack May Lead to Breach Notification Law and Stronger Cyber Agency.” Roll Call, March 2. https://rollcall.com/2021/03/02/solarwinds-hack-may-lead-to-breach-notification-law-and-stronger-cyber-agency/.
- Schroden, J. J. 2009. “Measures For Security in a Counterinsurgency.” Journal of Strategic Studies 32 (5): 715–744.
- Strom, B. E., A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas. 2018. Mitre Attack: Design and Philosophy. McLean, VA: Technical report.
- Thompson, N., and T. Jhang. 2021. “US Cybersecurity Has a Metrics Problem. Here’s How to Fix It.” Just Security, October 19. https://www.justsecurity.org/78667/us-cybersecurity-has-a-metrics-problem-heres-how-to-fix-it/.
- Valeriano, B., and R. C. Maness. 2014. “The Dynamics of Cyber Conflict Between Rival Antagonists, 2001–11.” Journal of Peace Research 51 (3): 347–360.
- Valeriano, B., and R. C. Maness. 2015. Cyber War Versus Cyber Realities: Cyber Conflict in the International System. Oxford: Oxford University Press.
- Valeriano, B., and R. C. Maness. 2018. “How We Stopped Worrying About Cyber Doom and Started Collecting Data.” Politics and Governance 6 (2): 49–60.
- Wang, L., T. Islam, T. Long, A. Singhal, and S. Jajodia. 2018. “An Attack Graph-Based Probabilistic Security Metric.” In: Data and Applications Security XXII edited by Atluri V, 283-296. Berlin: Springer. https://link.springer.com/chapter/10.1007/978-3-540-70567-3_22.
- Wang, L., S. Jajodia, A. Singhal, P. Cheng, and S. Noel. 2014. “K-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities.” IEEE Transactions on Dependable and Secure Computing 11 (1), https://doi.org/10.1109/TDSC.2013.24. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=914235.
- Woods, W. W., and R. Böhme. 2021. “Systematization of Knowledge: Quantifying Cyber Risk.” 2021 IEEE Symposium on Security and Privacy (SP): 211-228. doi:10.1109/SP40001.2021.00053.
- Zhang, M., L. Wang, S. Jajodia, A. Singhal, and M. Albanese. 2016. “Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero Day Attacks.” IEEE Transactions on Information Forensics and Security 11 (5), https://doi.org/10.1109/TIFS.2016.2516916. https://www.nist.gov/publications/network-diversity-security-metric-evaluating-resilience-networks-against-zero-day.