{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T04:31:02Z","timestamp":1742358662489,"version":"3.40.1"},"reference-count":35,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2025,2,1]],"date-time":"2025-02-01T00:00:00Z","timestamp":1738368000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,2,1]],"date-time":"2025-02-01T00:00:00Z","timestamp":1738368000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,2,1]],"date-time":"2025-02-01T00:00:00Z","timestamp":1738368000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw. Serv. Manage."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1109\/tnsm.2024.3488011","type":"journal-article","created":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T17:52:06Z","timestamp":1730310726000},"page":"913-929","source":"Crossref","is-referenced-by-count":0,"title":["Security Control Grid for Optimized Cyber Defense Planning"],"prefix":"10.1109","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-0094-4669","authenticated-orcid":false,"given":"Ashutosh","family":"Dutta","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7665-8293","authenticated-orcid":false,"given":"Ehab","family":"Al-Shaer","sequence":"additional","affiliation":[{"name":"School of Computer Science Department, Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Ehsan","family":"Aghaei","sequence":"additional","affiliation":[{"name":"School of Computer Science Department, Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6168-5192","authenticated-orcid":false,"given":"Qi","family":"Duan","sequence":"additional","affiliation":[{"name":"School of Computer Science Department, Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Hasan","family":"Yasar","sequence":"additional","affiliation":[{"name":"Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA"}]}],"member":"263","reference":[{"volume-title":"CIS Controls Version 7","year":"2018","key":"ref1"},{"volume-title":"Framework for Improving Critical Infrastructure Security","year":"2024","key":"ref2"},{"volume-title":"Adversarial Tactics, Techniques & Common Knowledge","year":"2024","key":"ref3"},{"volume-title":"The Z3 Theorem Prover","year":"2024","key":"ref4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2012.04.001"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222250102"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.02.013"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2016.02.012"},{"key":"ref9","first-page":"1","article-title":"Developing optimal causal Cyber-defence agents via Cyber security simulation","volume-title":"Proc. 39th Int. Conf. Mach. Learn.","author":"Andrew"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3272670"},{"volume-title":"Cyber defense matrix","year":"2024","key":"ref11"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3314058.3317725"},{"volume-title":"CIS","year":"2024","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-25538-0_3"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-02135-0"},{"volume-title":"Common Vulnerabilities and Exposures (CVE)","year":"2017","key":"ref16"},{"issue":"1","key":"ref17","first-page":"161","article-title":"Theories of bounded rationality","volume":"1","author":"Simon","year":"1972","journal-title":"Decis. Org."},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-10575-8_11"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2019.8802745"},{"volume-title":"AllenNLP semantic role Labeling tool","year":"2023","key":"ref21"},{"volume-title":"Managing Information Security Risks: The OCTAVE Approach","year":"2002","author":"Alberts","key":"ref22"},{"issue":"5","key":"ref23","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1016\/j.ijinfomgt.2008.02.002","article-title":"An economic modelling approach to information security risk management","volume":"28","author":"Jerman-Bla\u017ei\u010d","year":"2008","journal-title":"Int. J. Inf. Manag."},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1111\/risa.12891"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3058403"},{"issue":"1","key":"ref26","first-page":"45","article-title":"Return on security investment (ROSI)\u2014A practical quantitative model","volume":"38","author":"Sonnenreich","year":"2006","journal-title":"J. Res. Pract. Inf. Technol."},{"key":"ref27","article-title":"Uncertainty in cyber security investments","author":"Fielder","year":"2017","journal-title":"arXiv:1712.05893"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2013.01.001"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2004.06.004"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315272"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3465758"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/HST56032.2022.10025459"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.3390\/a15090314"},{"key":"ref34","article-title":"Linking common vulnerabilities and exposures to the MITRE ATT&CK framework: A self-distillation approach","author":"Ampel","year":"2021","journal-title":"arXiv:2108.01696"},{"key":"ref35","article-title":"Linking threat tactics, techniques, and patterns with defensive weaknesses, vulnerabilities and affected platform configurations for cyber hunting","author":"Hemberg","year":"2020","journal-title":"arXiv:2010.00533"}],"container-title":["IEEE Transactions on Network and Service Management"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/4275028\/10927606\/10738436.pdf?arnumber=10738436","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,18]],"date-time":"2025-03-18T17:38:36Z","timestamp":1742319516000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10738436\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2]]},"references-count":35,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tnsm.2024.3488011","relation":{},"ISSN":["1932-4537","2373-7379"],"issn-type":[{"type":"electronic","value":"1932-4537"},{"type":"electronic","value":"2373-7379"}],"subject":[],"published":{"date-parts":[[2025,2]]}}}