2025
Realistic and balanced automated threat emulation.
Comput. Secur., 2025
2024
The unpredictability of phishing susceptibility: results from a repeated measures experiment.
J. Cybersecur., January, 2024
2023
Skade - A Challenge Management System for Cyber Threat Hunting.
Proceedings of the Computer Security. ESORICS 2023 International Workshops, 2023
Automatic incident response solutions: a review of proposed solutions' input and output.
Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023
Automation of Cybersecurity Work.
Proceedings of the Artificial Intelligence and Cybersecurity: Theory and Applications, 2023
2022
Variables influencing the effectiveness of signature-based network intrusion detection systems.
Inf. Secur. J. A Glob. Perspect., 2022
2020
International Workshop on Cyber Range Technologies and Applications (CACOE 2020).
Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2020
2019
The Theory of Planned Behavior and Information Security Policy Compliance.
J. Comput. Inf. Syst., 2019
A meta-analysis of field experiments on phishing susceptibility.
Proceedings of the 2019 APWG Symposium on Electronic Crime Research, 2019
2018
Work-related groups and information security policy compliance.
Inf. Comput. Secur., 2018
Development and evaluation of information elements for simplified cyber-incident reports.
Proceedings of the International Conference On Cyber Situational Awareness, 2018
2017
Alert verification through alert correlation - An empirical test of SnIPS.
Inf. Secur. J. A Glob. Perspect., 2017
So long, and thanks for only using readily available scripts.
Inf. Comput. Secur., 2017
Development and validation of technique to measure cyber situation awareness.
Proceedings of the 2017 International Conference On Cyber Situational Awareness, 2017
2016
An empirical test of the perceived relationship between risk and the constituents severity and probability.
Inf. Comput. Secur., 2016
SVED: Scanning, Vulnerabilities, Exploits and Detection.
Proceedings of the 2016 IEEE Military Communications Conference, 2016
2015
A test of intrusion alert filtering based on network information.
Secur. Commun. Networks, 2015
An empirical test of the accuracy of an attack graph analysis tool.
Inf. Comput. Secur., 2015
The sufficiency of the theory of planned behavior for explaining information security policy compliance.
Inf. Comput. Secur., 2015
A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour.
Int. J. Inf. Secur. Priv., 2015
Social Groupings and Information Security Obedience Within Organizations.
Proceedings of the ICT Systems Security and Privacy Protection, 2015
Requirements engineering: The quest for the dependent variable.
Proceedings of the 23rd IEEE International Requirements Engineering Conference, 2015
Perceived Information Security Risk as a Function of Probability and Severity.
Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance, 2015
Human factors related to the performance of intrusion detection operators.
Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance, 2015
2014
Variables influencing information security policy compliance: A systematic review of quantitative studies.
Inf. Manag. Comput. Secur., 2014
Indicators of expert judgement and their significance: an empirical investigation in the area of cyber security.
Expert Syst. J. Knowl. Eng., 2014
Overview of Enterprise Information Needs in Information Security Risk Assessment.
Proceedings of the 18th IEEE International Enterprise Distributed Object Computing Conference, 2014
2013
The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures.
IEEE Syst. J., 2013
Intrusion detection and the role of the system administrator.
Inf. Manag. Comput. Secur., 2013
A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance.
Proceedings of the Security and Privacy Protection in Information Processing Systems, 2013
Effort Estimates on Web Application Vulnerability Discovery.
Proceedings of the 46th Hawaii International Conference on System Sciences, 2013
2012
A framework and theory for cyber security assessments.
PhD thesis, 2012
Success Rate of Remote Code Execution Attacks - Expert Assessments and Observations.
J. Univers. Comput. Sci., 2012
Estimates of success rates of remote arbitrary code execution attacks.
Inf. Manag. Comput. Secur., 2012
Cyber Security Exercises and Competitions as a Platform for Cyber Security Experiments.
Proceedings of the Secure IT Systems - 17th Nordic Conference, 2012
Effort Estimates for Vulnerability Discovery Projects.
Proceedings of the 45th Hawaii International International Conference on Systems Science (HICSS-45 2012), 2012
2011
Security mistakes in information system deployment projects.
Inf. Manag. Comput. Secur., 2011
A quantitative evaluation of vulnerability scanning.
Inf. Manag. Comput. Secur., 2011
Estimates of Success Rates of Denial-of-Service Attacks.
Proceedings of the IEEE 10th International Conference on Trust, 2011
Expert Assessment on the Probability of Successful Remote Code Execution Attacks.
Proceedings of the WOSIS 2011, 2011
Enterprise Architecture Management's Impact on Information Technology Success.
Proceedings of the 44th Hawaii International International Conference on Systems Science (HICSS-44 2011), 2011
A Tool for Automatic Enterprise Architecture Modeling.
Proceedings of the CAiSE Forum 2011, London, UK, June 22-24, 2011, 2011
2010
Development of an effort estimation model - a case study on delivery projects at a leading IT provider within the electric utility industry.
Int. J. Serv. Technol. Manag., 2010
A probabilistic relational model for security risk analysis.
Comput. Secur., 2010
A Tool for Enterprise Architecture Analysis Using the PRM Formalism.
Proceedings of the Information Systems Evolution, 2010
2009
Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models.
Proceedings of the 42st Hawaii International International Conference on Systems Science (HICSS-42 2009), 2009
Decision support oriented Enterprise Architecture metamodel management using classification trees.
Proceedings of the Workshops Proceedings of the 12th IEEE International Enterprise Distributed Object Computing Conference, 2009
A Tool for Enterprise Architecture Analysis of Maintainability.
Proceedings of the 13th European Conference on Software Maintenance and Reengineering, 2009
A Pattern-based Approach to Quantitative Enterprise Architecture Analysis.
Proceedings of the 15th Americas Conference on Information Systems, 2009
2008
Web Service-Based Business Process Development, Threat Modeling and Security Assessment Tool.
Proceedings of the 2008 IEEE World Congress on Services, 2008
Emergency Response Framework for Aviation XML Services on MANET.
Proceedings of the 2008 IEEE International Conference on Web Services (ICWS 2008), 2008
Combining Defense Graphs and Enterprise Architecture Models for Security Analysis.
Proceedings of the 12th International IEEE Enterprise Distributed Object Computing Conference, 2008
2007
A Tool for Enterprise Architecture Analysis.
Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007), 2007