Attack navigator vindt en verhelpt zwakke plekken. Bits en chips. 4. 2013.
Defining the cloud battlefield - supporting security assessments by cloud customers. International Conference on Cloud Engineering (IC2E 2013), Redwood City, CA. :78–87.. 2013.
Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.. 2013.
Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.. 2013.
Quantitative penetration testing with item response theory. 9th International Conference on Information Assurance and Security, IAS 2013, Gammarth, Tunisia. :49–54.. 2013.
On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology. 15:195–208.. 2013.
Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.. 2014.
Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.. 2014.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.. 2014.
Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.. 2014.
Proceedings First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014. EPTCS. 148. 2014.
Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.. 2014.
Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.. 2014.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.. 2015.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.. 2015.
From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology. 55:1–18.. 2015.
"If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.. 2015.
The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.. 2015.
Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.. 2015.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2015.
Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports. 4:1–28.. 2015.
Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.. 2015.