The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.. 2016.
Probabilistic reasoning with graphical security models. Information sciences. 342:111–131.. 2016.
Quantitative Verification and Synthesis of Attack-Defence Scenarios Conference. 29th IEEE Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal. :105–119.. 2016.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2016.
A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:138–153.. 2016.
A study on tangible participative enterprise modelling. ER 2016 Workshops AHA, MoBID, MORE-BI, MReBA, QMMQ, and WM2SP, Gifu, Japan, November 14-17, 2016, Proceedings, Gifu, Japan. 9975:139–148.. 2016.
Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.. 2016.
Towards Empirical Evaluation of Automated Risk Assessment Methods. 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France.. 2016.
Towards Formal Analysis of Insider Threats for Auctions. Proceedings of the 2016 International Workshop on Managing Insider Security Threats, Vienna, Austria. :23–34.. 2016.
Uncovering dynamic fault trees. Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France. :299–310.. 2016.
Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece. 9963:19–33.. 2016.
Understanding How Components of Organisations Contribute to Attacks. 21st Nordic Conference, NordSec 2016, Oulu, Finland. 10014:54–66.. 2016.
Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden. 267:326–334.. 2016.
The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, Netherlands. 9635:163–185.. 2016.
Value-Driven Risk Analysis of Coordination Models. 9th IFIP WG 8.1. Working Conference, PoEM 2015, Proceedings, Skovde, Sweden. 267:102–116.. 2016.
Apate: Anti-Phishing Analysing and Triaging Environment (Poster). 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA.. 2015.
Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.. 2015.
Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.. 2015.
Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.. 2015.
Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.. 2015.
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees. Computer Science Review. 13-14:1–38.. 2015.