Context-sensitive Information security Risk identification and evaluation techniques. 22nd IEEE International Requirements Engineering Conference (RE14), Karlskrona, Sweden. :485–488.. 2014.
Value-Driven Risk Analysis of Coordination Models. 9th IFIP WG 8.1. Working Conference, PoEM 2015, Proceedings, Skovde, Sweden. 267:102–116.. 2016.
Tangible Modelling to Elicit Domain Knowledge: An Experiment and Focus Group. 34th International Conference, ER 2015, Stockholm, Sweden. 9381:558–565.. 2015.
Argumentation-Based Security Requirements Elicitation: The Next Round. Proceedings of the 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden. :7–12.. 2014.
Automated Identification and Prioritization of Business Risks in e-service Networks. Proceedings of the 7th International Conference on Exploring Service Science, IESS 2016, Bucharest, Romania. 247:547–560.. 2016.
Using Value Models for Business Risk Analysis in e-Service Networks. 8th IFIP WG 8.1. Working Conference, PoEM 2015, Valencia, Spain. 235:239–253.. 2015.
ArgueSecure: Out-of-the-box Risk Assessment. Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Beijing, China.. 2016.
A study on tangible participative enterprise modelling. ER 2016 Workshops AHA, MoBID, MORE-BI, MReBA, QMMQ, and WM2SP, Gifu, Japan, November 14-17, 2016, Proceedings, Gifu, Japan. 9975:139–148.. 2016.
Attack Tree Generation by Policy Invalidation. 9th IFIP WG 11.2 International Conference on Information Security Theory and Practice, WISTP 2015, Heraklion, Crete, Greece. 9311:249–259.. 2015.
Externalizing Behaviour for Analysing System Models. Journal of Internet Services and Information Security. 3:52–62.. 2013.
Transforming Graphical System Models To Graphical Attack Models. The Second International Workshop on Graphical Models for Security (GraMSec 2015), Verona, Italy. :1–15.. 2015.
A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece. 9871:138–153.. 2016.
Automating Cyber Defence Responses Using Attack-Defence Trees and Game Theory. European Conference on Cyber Warfare and Security, ECCWS 2016, Munich, Germany. :163–172.. 2016.
Attack Trees with Sequential Conjunction. International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany.. 2015.
Enterprise Architecture-Based Risk and Security Modelling and Analysis. Third International Workshop, GraMSec 2016, Lisbon, Portugal. 9987:94–101.. 2016.
Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior. 66:75–87.. 2017.
Fault trees on a diet: automated reduction by graph rewriting. Formal Aspects of Computing. online pre-publication:1–53.. 2017.
Uncovering dynamic fault trees. Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2016), Toulouse, France. :299–310.. 2016.
Fault Trees on a Diet - Automated Reduction by Graph Rewriting. Proceedings of the First International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA 2015), Nanjing, China. 9409:3–18.. 2015.
Invalidating policies using structural information. IEEE Security and Privacy Workshops (SPW 2013), San Francisco, CA. :76–81.. 2013.
Modeling and Verification of Insider Threats Using Logical Analysis. IEEE Systems Journal.. 2016.