Modelling Social-Technical Attacks with Timed Automata. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST), Denver, Colorado, US. :21–28.. 2015.
Experimenting with Incentives: Security in Pilots for Future Grids. IEEE Security & Privacy. 12:59–66.. 2014.
Deciding Bisimilarities on Distributions. 10th International Conference on Quantitative Evaluation of Systems (QEST), Buenos Aires, Argentina. 8054:72–88.. 2013.
The Quest for Minimal Quotients for Probabilistic Automata. 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Rome, Italy. 7795:16–31.. 2013.
A tighter bound for the self-stabilization time in Herman's algorithm. Information processing letters. 113:486–488.. 2013.
Information Security Maturity as an Integral Part of ISMS based Risk Management Tools. SECURWARE 2016, The Tenth International Conference on Emerging Security Information, Systems and Technologies, Nice, France. :295–298.. 2016.
Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures. New Security Paradigms Workshop (NSPW), Colorado, USA.. 2016.
Using attack-defense trees to analyze threats and countermeasures in an ATM: A case study. 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM), Skövde, Sweden. 267:326–334.. 2016.
Modelling Attack-defense Trees Using Timed Automata. 14th International Conference on Formal Modeling and Analysis of Timed Systems, FORMATS 2016, Quebec, QC, Canada. 9884:35–50.. 2016.
Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees. Third International Workshop GraMSec 2016, Lisbon, Portugal. :80–93.. 2016.
Automating Defence Generation for Risk Assessment. 1st European Symposium on Security and Privacy, Saarbrücken, Germany. :Number6.. 2016.
Attack Trees for Practical Security Assessment: Ranking of Attack Scenarios with ADTool 2.0. 13th International Conference on Quantitative Evaluation of Systems, QEST 2016, Quebec City, QC, Canada. 9826:159–162.. 2016.
How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems. Second International Workshop GraMSec 2015, Verona, Italy. 9390:55–65.. 2016.
Towards Empirical Evaluation of Automated Risk Assessment Methods. 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France.. 2016.
Socio-Technical Security Metrics (Dagstuhl Seminar 14491). Dagstuhl Reports. 4:1–28.. 2015.
Understanding How Components of Organisations Contribute to Attacks. 21st Nordic Conference, NordSec 2016, Oulu, Finland. 10014:54–66.. 2016.
Modelling and analysis of Markov reward automata. Proceedings of the 12th International Symposium on Automated Technology for Verification and Analysis, ATVA 2014, Sydney, NSW, Australia. 8837:168–184.. 2014.
Critical visualization: a case for rethinking how we visualize risk and security. Journal of Cybersecurity. 1:93–108.. 2015.
Examining the Contribution of Critical Visualisation to Information Security. New Security Paradigm Workshop (NSPW), Twente, The Netherlands. :1–14.. 2015.
Logical Lego? Co-constructed perspectives on service design Proceedings of NordDesign 2014, Melbourne, Australia. :416–425.. 2014.
"If you were attacked, you'd be sorry": Counterfactuals as security arguments. New Security Paradigm Workshop (NSPW), Twente, Netherlands. :1–12.. 2015.
The Value of Attack-Defence Diagrams. Proceedings of the 5th International Conference on Principles of Security and Trust, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, Netherlands. 9635:163–185.. 2016.
Meer vrouwen in de ict, waarom eigenlijk? Bits en chips. 9:20–21.. 2014.