Cybersecurity strategies: The QuERIES methodology

The Quantitative Evaluation of Risk for Investment Efficient Strategies (QuERIES) methodology offers a novel computational approach to quantitative cybersecurity risk assessment. The authors based this approach on rigorous quantitative techniques drawn from computer science, game theory, control theory, and economics. Preliminary experiments have corroborated the QuERIES methodology, suggesting that it provides a broadly applicable alternative to red teaming (which involves attackers who have little or no knowledge of a systems' internal protection), black-hat analysis, and other decision-support methodologies previously tried in cybersecurity-related risk assessment.