Security is of paramount importance in upgrading a power grid into a smart grid in which various wired and wireless communication links are used for control, monitoring and sensing applications. One of the key security concerns that has drawn much research attention is the so-called false data injection attack (FDIA) against state estimation. With the knowledge of the grid topology and by injecting proper false data into selected meters, an FDIA can pass bad data detection (BDD) and become stealth to the grid's Supervisory Control and Data Acquisition (SCADA) system. The Energy Management System (EMS) uses the state estimates evaluated by polluted measurements reported by tampered meters to perform grid configuration will result in incorrect, unreliable operations and may even lead to disastrous consequences. Such a counter-measures (CM) can be prevented if sufficient number of meters (links) are protected. Unfortunately, protection of a large number of meters can be very expensive and time-consuming. We therefore focus on the scenario in which the grid can only protect a selected set of measurements smaller than that required by a FDIA-free system. A scheme that maximizes the attacker's cost (i.e., the number of tampered meters required to form a stealth meter data vector) is desired. Such a design goal is equivalent to counter the counter-measure carried by an FDIA with a max-min approach. From the grid operator's viewpoint, however, its risk is inverse proportional to the cost of an attacker as the easier an attacker can launch an FDIA the higher the risk of a grid. Whence our method is also min-max, trying to minimize the risk of being attacked. Our solution involves the notion of security index (SI) of a meter which specifies the minimum number of tampered meters, other than the meter of concern, needed in generating a legitimate attack vector that corrupts a state estimation. The evaluation of a meter's SI is done by representing the grid by a grid and then find the so-called minimum cuts associated with the branch (meter) of interest. As the task of locating multiple measurements for protection is computational expensive, we adopt an incremental approach which tries to find, in each iteration, the single candidate meter for protection that costs the attacker least. Finding and protecting the most vulnerable meter (i.e., the one with the smallest SI) forces the attacker to tamper meters with higher SI in order to generate a legitimate false measurement thereby paying a higher cost. As oftentimes there are multiple meters with the same SI and a meter is involved with many minimum cuts of the equivalent grid graph that link other meters, we develop further criteria to select the protected (most vulnerable) meter. Our approach transforms an NP-hard problem of optimizing a successful FDIA into one that can be solved in polynomial-time for injection-free grids. We thus starts with injection-free grids and then extends to the full-measurement and other practical grids. We show that our injection-free solution gives a low-bound on the number of meters any FDIA has to tamper with. Computer simulations based on some IEEE standard grids are performed to examine the efficiencies of our approaches and verify the numerical advantages with respect to other known methods.