Cost-effectiveness of Security Measures: A model-based Framework. Approaches and Processes for Managing the Economics of Information Systems. :139–156.. 2014.
Applying the Lost-Letter Technique to Assess IT Risk Behaviour. Proceedings of the 3rd Workshop on Socio-Technical Aspects in Security and Trust, New Orleans, USA. :2–9.. 2013.
Regression Nodes: Extending attack trees with data from social sciences. Workshop on Socio-Technical Aspects in Security and Trust (STAST), Verona, Italy.. 2015.
Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Singapore Cyber Security R&D Conference (SG-CRC), Singapore, Singapore. 1:1–6.. 2016.
TREsPASS: Plug-and-Play Attacker Profiles for Security Risk Analysis (Poster). 35th IEEE Symposium on Security and Privacy, San Jose, California.. 2014.
The TREsPASS project. ICTOpen2013, Eindhoven. :1–1.. 2013.
The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology. 11:97–115.. 2015.