On thinging things and serving services: technological mediation and inseparable goods. Ethics and information technology. 15:195–208.. 2013.
Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports. 4:1–28.. 2015.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2016.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2015.
Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.. 2014.
Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.. 2014.
The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.. 2015.
The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.. 2016.
From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology. 55:1–18.. 2015.
Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.. 2014.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.. 2014.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.. 2015.
Attack navigator vindt en verhelpt zwakke plekken. Bits en chips. 4. 2013.
Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.. 2015.
Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece. 9963:19–33.. 2016.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.. 2015.
Quantitative penetration testing with item response theory. 9th International Conference on Information Assurance and Security, IAS 2013, Gammarth, Tunisia. :49–54.. 2013.
Obligations to enforce prohibitions: on the adequacy of security policies. SIN '13 - Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey. :54–61.. 2013.
Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. 11th International Conference on Critical Information Infrastructures Security (CRITIS), Paris, France.. 2016.
"If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.. 2015.
Defining "The Weakest Link" Comparative Security in Complex Systems of Systems. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, CloudCom, Bristol, United Kingdom. :39–44.. 2013.