{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T05:55:01Z","timestamp":1725602101141},"reference-count":22,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T00:00:00Z","timestamp":1658880000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,7,27]],"date-time":"2022-07-27T00:00:00Z","timestamp":1658880000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,7,27]]},"DOI":"10.1109\/csr54599.2022.9850337","type":"proceedings-article","created":{"date-parts":[[2022,8,16]],"date-time":"2022-08-16T19:35:46Z","timestamp":1660678546000},"page":"287-292","source":"Crossref","is-referenced-by-count":0,"title":["Using Potential Effects on Threat Events (PETE) to Assess Mitigation Effectiveness and Return on Investment (ROI)"],"prefix":"10.1109","author":[{"given":"Deborah J.","family":"Bodeau","sequence":"first","affiliation":[{"name":"The MITRE Corporation,MITRE Labs,Bedford,MA,USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Richard","family":"Graubart","sequence":"additional","affiliation":[{"name":"The MITRE Corporation,MITRE Labs,Bedford,MA,USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rosalie","family":"McQuaid","sequence":"additional","affiliation":[{"name":"The MITRE Corporation,MITRE Labs,Bedford,MA,USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"journal-title":"Threat Modeling Designing for Security","year":"2014","author":"shostack","key":"ref10"},{"journal-title":"Adversarial Tactics Techniques & Common Knowledge","year":"2022","key":"ref11"},{"article-title":"Getting Started with ATT&CK","year":"2019","author":"pennington","key":"ref12"},{"journal-title":"Cyber Resiliency Approaches and Controls to Mitigate Adversary Tactics Techniques and Procedures (TTPs) Mapping Cyber Resiliency to the ATT&CK® Framework – Revision 2 MTR200286R2 PR 21-3123","year":"2021","author":"bodeau","key":"ref13"},{"year":"2020","key":"ref14","article-title":"NIST SP 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations"},{"year":"2016","key":"ref15","article-title":"NIST SP 800-160 Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (including updates as of 3-21-2018)"},{"year":"2019","key":"ref16","article-title":"NIST SP 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Security Engineering Approach"},{"key":"ref17","first-page":"62","article-title":"On the Sensitivity of Cyber Assessment Methodologies","author":"rowe","year":"2019","journal-title":"Resilience and Hybrid Threats Security and Integrity for the Digital World"},{"year":"2021","key":"ref18","article-title":"NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171"},{"journal-title":"Cyber Survivability Attributes CSA Tool (8ABW-2019-2267)","year":"2019","author":"reilly","key":"ref19"},{"year":"2012","key":"ref4","article-title":"NIST SP 800-30 Rev.1, Guide for Conducting Risk Assessments"},{"article-title":"Threat Modeling: A Summary of Available Methods","year":"2018","author":"shevchenko","key":"ref3"},{"year":"2018","key":"ref6","article-title":"NSA\/CSS Technical Cyber Threat Framework V2"},{"year":"0","key":"ref5","article-title":"Cyber Threat Framework"},{"year":"2022","key":"ref8","article-title":"Threat-Based Risk Profiling Methodology, Version 2.0"},{"article-title":"DoDCAR \/ .govCAR (presentation)","year":"2018","author":"dinsmore","key":"ref7"},{"year":"2020","key":"ref2","article-title":"NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM)"},{"year":"2021","key":"ref1","article-title":"NIST SP 800-160 Vol. 2 Rev. 1, Developing Cyber Resilient Systems: A Systems Security Engineering Approach"},{"year":"2009","key":"ref9","article-title":"The STRIDE Threat Model"},{"year":"2022","key":"ref20","article-title":"MITRE ATT&CK Navigator"},{"year":"2018","key":"ref22","article-title":"Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1"},{"year":"2011","key":"ref21","article-title":"NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View"}],"event":{"name":"2022 IEEE International Conference on Cyber Security and Resilience (CSR)","start":{"date-parts":[[2022,7,27]]},"location":"Rhodes, Greece","end":{"date-parts":[[2022,7,29]]}},"container-title":["2022 IEEE International Conference on Cyber Security and Resilience (CSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9850275\/9850277\/09850337.pdf?arnumber=9850337","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,5]],"date-time":"2022-09-05T20:23:20Z","timestamp":1662409400000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9850337\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,27]]},"references-count":22,"URL":"https:\/\/doi.org\/10.1109\/csr54599.2022.9850337","relation":{},"subject":[],"published":{"date-parts":[[2022,7,27]]}}}