Adversarial risks in social experiments with new technologies. Experimentation beyond the laboratory: new perspectives on technology.. 2017.
The Attack Navigator (Invited). Graphical Models for Security - Revised Selected Papers. 9390:1–17.. 2016.
Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.. 2016.
Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications. 11th International Conference on Critical Information Infrastructures Security (CRITIS), Paris, France.. 2016.
The Navigation Metaphor in Security Economics. IEEE Security & Privacy. 14:14–21.. 2016.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2016.
Understanding Bifurcation of Slow Versus Fast Cyber-Attackers. 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Greece. 9963:19–33.. 2016.
Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers. 9th International Workshop on Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance (DPM), Wroclaw, Poland. 8872:201–215.. 2015.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. 22:3–16.. 2015.
From Cybercrime to Cyborg Crime: Botnets as Hybrid Criminal Actor-Networks. British journal of Criminology. 55:1–18.. 2015.
"If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.. 2015.
The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.. 2015.
Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.. 2015.
Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace. Science and Engineering Ethics. N/A. 2015.
Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports. 4:1–28.. 2015.
Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.. 2015.
Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.. 2014.
Cyber Security as Social Experiment. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms, NSPW 2014, Victoria, BC, Canada. :15–24.. 2014.
Effectiveness of qualitative and quantitative security obligations. Journal of Information Security and Applications. to appear:1–14.. 2014.
Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.. 2014.
Proceedings First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014. EPTCS. 148. 2014.
Quantitative Penetration Testing with Item Response Theory. Journal of Information Assurance and Security. 9:118–127.. 2014.
Reconciling Malicious and Accidental Risk in Cyber Security. Journal of Internet Services and Information Security. 4:4–26.. 2014.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
Attack navigator vindt en verhelpt zwakke plekken. Bits en chips. 4. 2013.