{"id":2222,"date":"2026-04-19T12:57:07","date_gmt":"2026-04-19T16:57:07","guid":{"rendered":"https:\/\/carleton.ca\/cybersea\/?p=2222"},"modified":"2026-04-19T12:57:07","modified_gmt":"2026-04-19T16:57:07","slug":"new-publication-a-scalable-game-theoretic-approach-for-selecting-security-controls-from-standardized-catalogues","status":"publish","type":"post","link":"https:\/\/carleton.ca\/cybersea\/2026\/new-publication-a-scalable-game-theoretic-approach-for-selecting-security-controls-from-standardized-catalogues\/","title":{"rendered":"New Publication: A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        New Publication: A Scalable Game-Theoretic Approach for Selecting Security Controls from Standardized Catalogues\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n\n\n<p>Our latest article published in <a href=\"https:\/\/lmcs.episciences.org\">Logical Methods in Computer Science<\/a> is now available online.  In this paper, we present a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for selection are generated using an algebraic formalism to account for dependencies among selected controls. Using a software tool, we apply the approach on a fictional Canadian military system with Canada&#8217;s standardized control catalogue, ITSG-33. Through this case study, we demonstrate the approach&#8217;s scalability to assist in selecting an effective set of security controls for large systems. The results illustrate how a security analyst can use the proposed approach and supporting tool to guide and support decision-making in the control selection activity when developing secure systems of all sizes. See <a href=\"https:\/\/carleton.ca\/cybersea\/publications\/\">Publications<\/a> for more details!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our latest article published in Logical Methods in Computer Science is now available online. In this paper, we present a game-theoretic approach for selecting effective combinations of security controls based on expected attacker profiles and a set budget. The control selection problem is set up as a two-person zero-sum one-shot game. Valid control combinations for [&hellip;]<\/p>\n","protected":false},"author":496,"featured_media":431,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[41],"tags":[],"class_list":["post-2222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-publication"],"acf":{"cu_post_thumbnail":""},"_links":{"self":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/users\/496"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/comments?post=2222"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2222\/revisions"}],"predecessor-version":[{"id":2223,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/2222\/revisions\/2223"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media\/431"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media?parent=2222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/categories?post=2222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/tags?post=2222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}