Afful-Dadzie, A.,Allen, T.T.,2015-07-212017-10-162015-07-212017-10-1620140022-4065http://197.255.68.203/handle/123456789/6492The frequencies of cyber attacks and known cyber vulnerabilities continue to increase and there is a need for models to focus limited administrator attention and build cases for additional resources. A related challenge is the scarcity of available data partly because of security concerns. In this paper, we propose a method based on Markov decision processes (MDP) for the generation and graphical evaluation of relevant maintenance policies for cases with limited data availability. The proposed method also provides an estimate of the cost benefit of collecting additional data. Both Bayesian and non-Bayesian formulations of the transition probabilities and cost models are considered. We apply the proposed method to a real-world cyber-vulnerability dataset and generate specific guidance and cost predictions. We also illustrate the relevance of the proposed method to general MDP modeling using a numerical example involving three levels of data scarcity.enCyber AttacksMarkov-Decision ProcessesModel-UncertaintyArticle