Publications
] .
2015. Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.
.
2016. A study on tangible participative enterprise modelling. ER 2016 Workshops AHA, MoBID, MORE-BI, MReBA, QMMQ, and WM2SP, Gifu, Japan, November 14-17, 2016, Proceedings, Gifu, Japan. 9975:139–148.
.
2014. Context-sensitive Information security Risk identification and evaluation techniques. 22nd IEEE International Requirements Engineering Conference (RE14), Karlskrona, Sweden. :485–488.
.
2016. Value-Driven Risk Analysis of Coordination Models. 9th IFIP WG 8.1. Working Conference, PoEM 2015, Proceedings, Skovde, Sweden. 267:102–116.
.
2015. Tangible Modelling to Elicit Domain Knowledge: An Experiment and Focus Group. 34th International Conference, ER 2015, Stockholm, Sweden. 9381:558–565.
.
2014. Argumentation-Based Security Requirements Elicitation: The Next Round. Proceedings of the 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden. :7–12.
.
2016. Automated Identification and Prioritization of Business Risks in e-service Networks. Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, Bucharest, Romania. 247:547–560.
.
2015. Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.
.
2016. ArgueSecure: Out-of-the-box Risk Assessment. Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Beijing, China.
.
2014. Modelling telecom fraud with e3value.
.
2014. Meer vrouwen in de ict, waarom eigenlijk? Bits en chips. 9:20–21.
.
2016. The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, Netherlands. 9635:163–185.
.
2015. "If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.
.
2014. Logical Lego? Co-constructed perspectives on service design Proceedings of NordDesign 2014, Melbourne, Australia. :416–425.
.
2015. Examining the Contribution of Critical Visualisation to Information Security. New Security Paradigm Workshop (NSPW), Twente, The Netherlands. :1–14.
.
2015. Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.
.
2014. Modelling and analysis of Markov reward automata. Proceedings of the 12th International Symposium on Automated Technology for Verification and Analysis, ATVA 2014, Sydney, NSW, Australia. 8837:168–184.
.
2016. Understanding How Components of Organisations Contribute to Attacks. 21st Nordic Conference, NordSec 2016, Oulu, Finland. 10014:54–66.
.
2015. Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports. 4:1–28.
.
2016. Modelling Attack-defense Trees Using Timed Automata. 14th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2016, Quebec, QC, Canada. 9884:35–50.
.
2016. Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. Third International Workshop GraMSec 2016, Lisbon, Portugal. :80–93.
.
2016. Automating Defence Generation for Risk Assessment. 1st European Symposium on Security and Privacy, Saarbrücken, Germany. :Number6.
