@inproceedings{gafic_novel_2022, title = {A {Novel} {Approach} {Integrating} {Design} {Thinking} {Techniques} in {Cyber} {Exercise} {Development}}, url = {https://link.springer.com/chapter/10.1007/978-3-030-95918-0_11}, doi = {10.1007/978-3-030-95918-0_11}, abstract = {The increasing cyber security compliance requirements (e.g. NIS directive or GDPR in the EU) and the growing dependence on ICT systems have made cyber resilience to a top priority around the globe. Especially during the pandemic, the demand for secure and constantly available systems increased as companies had to change the way they work using home office and remote working capabilities. For satisfying the compelling need for resilient systems, it is vital to ensure that systems work even under adverse events. A key element in this context are cyber exercises. However, planning and conducting an effective cyber exercise is a complex and challenging task. To support this endeavor, in this paper we introduce a novel approach, which integrates design thinking techniques in planning process to improve the exercise development and to tailor exercises to the specific requirements of the organisations. To gain first insights, we evaluated the approach with 50 part-time cyber security students.}, language = {Englisch}, booktitle = {Proceedings of the {International} {Conference} on {Applied} {CyberSecurity} ({ACS}) 2021}, publisher = {Springer Link}, author = {Gafic, Melisa and Tjoa, Simon and Kieseberg, Peter}, year = {2022}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Vortrag, Wiss. Beitrag, peer-reviewed}, pages = {103--113}, } @inproceedings{gafic_cyber_2022, title = {Cyber {Exercises} in {Computer} {Science} {Education}}, copyright = {CC BY-NC-ND}, isbn = {978-989-758-553-1}, url = {https://www.scitepress.org/Link.aspx?doi=10.5220/0010845800003120}, doi = {10.5220/0010845800003120}, abstract = {Due to the strong dependence of companies on their ICT and the high relevance of stable services to remain competitive in the global market, cyber security and resilience play an increasingly important role. However, information security is not only an important issue in the corporate context but also in the societal context. For this reason, nearly all computer science programs at higher education institutions (HEI) incorporate this topic. In this paper, we introduce a table-top cyber security exercise lecture format and the experiences gathered over the last years. The approach is currently used to teach computer science students as well as information security students at two higher education institutions in Austria. Additionally, we briefly highlight how the approach was adapted in order to satisfy the compelling need to teach the course remotely due to Corona restrictions}, language = {Englisch}, booktitle = {Proceedings of the 8th {International} {Conference} on {Information} {Systems} and {Privacy} ({ICISSP})}, publisher = {SCITEPRESS}, author = {Gafic, Melisa and Tjoa, Simon and Kieseberg, Peter and Hellwig, Otto and Quirchmayer, Gerald}, year = {2022}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Vortrag, Wiss. Beitrag, peer-reviewed}, pages = {404--411}, } @inproceedings{zanol_what_2022, title = {What is "{AI}"? {Exploring} the scope of the "{Artificial} {Intelligence} {Act}"}, copyright = {Copyright}, url = {https://jusletter-it.weblaw.ch/dam/publicationsystem_leges/iris2022/zanoal_et_al_what_is_ai.pdf}, booktitle = {Tagungsband {IRIS} 2022}, author = {Zanol, Jakob and Buchelt, Alexander and Tjoa, Simon and Kieseberg, Peter}, month = feb, year = {2022}, keywords = {FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Vortrag, peer-reviewed}, } @article{hense_fighting_2022, title = {Fighting {Cybercrime} through {Education}: {Integration} of an {Educational} {Cyber} {Defence} {Centre} into {Cyber} {Security} {Curricula}}, volume = {129}, copyright = {CC-BY}, url = {https://ercim-news.ercim.eu/images/stories/EN129/EN129-web.pdf}, language = {en}, journal = {ERCIM News}, author = {Hense, Jochen and Tjoa, Simon and Kieseberg, Peter}, month = jan, year = {2022}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {38--39}, } @article{kieseberg_guest_2022, title = {Guest {Editorial}: {Special} {Issue} on the {ARES}-{Workshops} 2021}, volume = {13}, url = {http://jowua.com/vol13no1.php}, doi = {DOI:/10.22667/JOWUA.2022.03.31.001}, number = {1}, journal = {JoWUA}, author = {Kieseberg, Peter and Tjoa, Simon}, month = mar, year = {2022}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, ⛔ No DOI found}, pages = {1--3}, } @article{kieseberg_guest_2021, title = {Guest {Editorial}: {Special} {Issue} on the {ARES}-{Workshops} 2020}, volume = {12}, url = {https://web.archive.org/web/20210605055311id_/http://isyou.info/jowua/papers/jowua-v12n1-1.pdf}, doi = {10/gn4zmk}, number = {1}, journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications}, author = {Kieseberg, Peter and Tjoa, Simon}, month = mar, year = {2021}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security}, pages = {1--2}, } @inproceedings{eigner_towards_2021, address = {Rhodes, Greece}, title = {Towards {Resilient} {Artificial} {Intelligence}: {Survey} and {Research} {Issues}}, url = {https://ieeexplore.ieee.org/document/9527986}, doi = {10.1109/CSR51186.2021.9527986}, booktitle = {Proceedings of the 2021 {IEEE} {International} {Conference} on {Cyber} {Security} and {Resilience}}, publisher = {IEEE}, author = {Eigner, Oliver and Eresheim, Sebastian and Kieseberg, Peter and Klausner, Lukas Daniel and Pirker, Martin and Priebe, Torsten and Tjoa, Simon and Marulli, Fiammetta and Mercaldo, Francesco and Priebe, Torsten}, year = {2021}, keywords = {Center for Artificial Intelligence, FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Data Intelligence, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, SP IT Sec System \& Application Security, Vortrag, Wiss. Beitrag, best, peer-reviewed}, pages = {536--542}, } @inproceedings{kieseberg_evaluation_2021, address = {Penn State University Altoona, Pennsilvania, USA}, title = {Evaluation of {Password} {Replacement} {Schemes}}, abstract = {The digital world has developed very rapidly over the past few decades. Laptops, smartphones and tablets have become objects of daily use and many users use dozens of services on these devices. But the login procedure for devices and services has not changed - especially for web applications. The combination of username and password has always been the most common method of logging in. The aim of this work is to explain why the password is still the most popular method of logging in users, despite the large number of alternatives and known weaknesses. For this purpose, different methods were evaluated in a fixed schema of 12 rating-criteria in the categories: usability, security and applicability for continuous authentication. No method was able to fulfil all criteria and it shows that higher security is mainly achievable in exchange for usability. Keywords-authentication, passwords, alternative authentication methods}, booktitle = {Proceedings 2021 {International} {Conference} on {Software} {Security} and {Assurance} ({ICSSA}), {IEEE}}, author = {Kieseberg, Peter and Bechtel, Thomas and Tjoa, Simon}, month = oct, year = {2021}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, Vortrag, Wiss. Beitrag, peer-reviewed}, } @article{kieseberg_security_2021, title = {Security {Management} and the {Slow} {Adoption} of {Blockchains}}, volume = {125}, journal = {ERCIM News}, author = {Kieseberg, Peter and Tjoa, Simon and Geyer, Herfried}, month = jun, year = {2021}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, peer-reviewed, ⛔ No DOI found}, pages = {47--48}, } @article{tjoa_cyber-security-studium_2021, title = {Cyber-{Security}-{Studium} an der {FH} {St}. {Pölten}}, journal = {Cyber-Security-Guide}, author = {Tjoa, Simon}, month = mar, year = {2021}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, ⛔ No DOI found}, } @article{tjoa_penetration_2020, title = {Penetration {Testing} {Artificial} {Intelligence}}, volume = {123}, url = {https://phaidra.fhstp.ac.at/o:4338}, journal = {ERCIM News}, author = {Tjoa, Simon and Buttinger, Christina and Holzinger, Katharina and Kieseberg, Peter}, month = jan, year = {2020}, keywords = {Center for Artificial Intelligence, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, ⛔ No DOI found}, pages = {36--37}, } @inproceedings{fischer_novel_2012, address = {Vienna, Austria}, title = {A {Novel} {Palm} {Vein} {Recognition} {Approach} {Based} on {Enhanced} {Local} {Gabor} {Binary} {Patterns} {Histogram} {Sequence}}, url = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6208168}, booktitle = {19th {International} {Conference} on {Systems}, {Signals} and {Image} {Processing} ({IWSSIP}'12)}, publisher = {IEEE}, author = {Fischer, Matthias and Rybnicek, Marlies and Tjoa, Simon}, year = {2012}, note = {Projekt: SmartphoneSec}, keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, pages = {429--432}, } @inproceedings{rieger_readiness_2018, title = {A {Readiness} {Model} for {Measuring} the {Maturity} of {Cyber} {Security} {Incident} {Management}}, publisher = {Springer}, author = {Rieger, David and Tjoa, Simon}, year = {2018}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found}, } @inproceedings{luh_robert_apt_2018, title = {{APT} {RPG}: {Design} of a {Gamified} {Attacker}/{Defender} {Meta} {Model}}, booktitle = {International {Workshop} on {FORmal} methods for {Security} {Engineering}}, author = {{Luh, Robert} and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian}, year = {2018}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @article{tjoa_formal_2011, title = {A {Formal} {Approach} {Enabling} {Risk}-aware {Business} {Process} {Modeling} and {Simulation}}, volume = {4}, doi = {10/cg8knv}, language = {Englisch}, number = {2}, journal = {IEEE Transactions on Services Computing}, author = {Tjoa, Simon and Jakoubi, Stefan and Goluch, Gernot and Kitzler, Gerhard and Goluch, Sigrun and Quirchmayr, Gerald}, year = {2011}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, pages = {153--166}, } @inproceedings{rybnicek_simulation-based_2014, address = {Thessaloniki, Griechenland}, title = {Simulation-based {Cyber}-{Attack} {Assessment} of {Critical} {Infrastructures}}, doi = {10/gnt2vb}, booktitle = {Lecture {Notes} in {Business} {Information} {Processing}}, publisher = {Springer}, author = {Rybnicek, Marlies and Tjoa, Simon and Poisel, Rainer}, year = {2014}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @inproceedings{koinig_contrology_2015, address = {Larcana, Cyprus}, title = {Contrology - an ontology-based cloud assurance approach}, doi = {10/gnt2vc}, booktitle = {{IEEE} {International} {Conference} on {Enabling} {Technologies}: {Infrastructure} for {Collaborative} {Enterprises} ({WETICE})}, publisher = {IEEE}, author = {Koinig, Ulrich and Tjoa, Simon and Ryoo, Jungwoo}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{temper_touch_2015, address = {Korea}, title = {Touch to {Authenticate} – {Continuous} {Biometric} {Authentication} on {Mobile} {Devices}}, doi = {10/gnt2t9}, publisher = {IEEE Computer Society}, author = {Temper, Marlies and Tjoa, Simon and Kaiser, Manfred}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed}, } @inproceedings{tjoa_role_2016, title = {The {Role} of {ICT} to {Achieve} the {UN} {Sustainable} {Development} {Goals} ({SDG})}, url = {http://link.springer.com/chapter/10.1007/978-3-319-44447-5_1/fulltext.html}, doi = {10/gnt2t4}, booktitle = {{ICT} for {Promoting} {Human} {Development} and {Protecting} the {Environment}}, publisher = {Springer}, author = {Tjoa, A Min and Tjoa, Simon}, year = {2016}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, pages = {3--13}, } @inproceedings{tjoa_reference_2011, address = {Wien, Austria}, title = {A reference architecture for a scalable digital forensics toolkit}, booktitle = {5. {Forschungsforum} der Österreichischen {Fachhochschulen}}, publisher = {FH Campus Wien}, author = {Tjoa, Simon and Poisel, Rainer}, year = {2011}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, ⛔ No DOI found}, } @inproceedings{poisel_roadmap_2011, address = {Wien, Austria}, title = {Roadmap to {Approaches} for {Carving} of {Fragmented} {Multimedia} {Files}}, language = {Deutsch}, booktitle = {Proceedings of {The} {Fourth} {International} {Workshop} on {Digital} {Forensics} ({WSDF}’11)}, publisher = {IEEE}, author = {Poisel, Rainer and Tjoa, Simon}, year = {2011}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, ⛔ No DOI found}, pages = {752--757}, } @inproceedings{poisel_forensics_2011, address = {Stuttgart, Germany}, title = {Forensics {Investigations} of {Multimedia} {Data}: {A} {Review} of the {State}-of-the-{Art}}, language = {Englisch}, booktitle = {Proceedings of the 6th {International} {Conference} on {IT} {Security} {Incident} {Management} \& {IT} {Forensics}}, publisher = {IEEE Computer Society}, author = {Poisel, Rainer and Tjoa, Simon}, year = {2011}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, ⛔ No DOI found}, pages = {48--61}, } @inproceedings{rybnicek_automatisierte_2013, address = {Dornbirn, Austria}, title = {Automatisierte {Akquise} und {Auswertung} kinderpornographischer {Inhalte}}, language = {Deutsch}, booktitle = {7. {Forschungsforum} der Österreichischen {Fachhochschulen}}, author = {Rybnicek, Marlies and Poisel, Rainer and Tjoa, Simon}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed, ⛔ No DOI found}, } @inproceedings{rybnicek_facebook_2013, address = {Manchester, England}, title = {Facebook {Watchdog}: {A} {Research} {Agenda} {For} {Detecting} {Online} {Grooming} and {Bullying} {Activities}}, doi = {10/gnt2tq}, language = {Englisch}, booktitle = {{IEEE} {International} {Conference} on {Systems}, {Man}, and {Cybernetics} ({SMC})}, publisher = {IEEE}, author = {Rybnicek, Marlies and Poisel, Rainer and Tjoa, Simon}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed}, } @inproceedings{rybnicek_generic_2012, address = {Washington, DC}, title = {A {Generic} {Approach} to {Critical} {Infrastructures} {Modeling} and {Simulation}}, doi = {10/gnt2tt}, booktitle = {{ASE} {International} {Conference} on {Cyber} {Security}}, publisher = {IEEE}, author = {Rybnicek, Marlies and Poisel, Rainer and Ruzicka, Manfred and Tjoa, Simon}, year = {2012}, keywords = {2012\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{schrattenholzer_wer_2013, address = {Nürnberg, Deutschland}, title = {Wer spielt gewinnt}, language = {Deutsch}, booktitle = {D-{A}-{CH} {Security}}, author = {Schrattenholzer, Matthias and Ruzicka, Manfred and Rybnicek, Marlies and Poisel, Rainer and Tjoa, Simon}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed, ⛔ No DOI found}, } @inproceedings{poisel_game-based_2013, address = {Barcelona, Spain}, title = {Game-based {Simulation} of {Distributed} {Denial} of {Service} ({DDoS}) {Attack} and {Defense} {Mechanisms} of {Critical} {Infrastructures}}, doi = {10/gnt2ts}, booktitle = {International {Conference} on {Advanced} {Information} {Networking} and {Applications} ({AINA})}, publisher = {IEEE}, author = {Poisel, Rainer and Rybnicek, Marlies and Tjoa, Simon}, year = {2013}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, } @article{poisel_advanced_2011, title = {Advanced {File} {Carving} {Approaches} for {Multimedia} {Files}}, volume = {2}, number = {4}, journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)}, author = {Poisel, Rainer and Tjoa, Simon and Tavolato, Paul}, year = {2011}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, ⛔ No DOI found}, pages = {40--57}, } @inproceedings{poisel_taxonomy_2014, address = {Moscow, Russia}, title = {Taxonomy of {Data} {Fragment} {Classification} {Technique}}, volume = {132}, booktitle = {Lecture {Notes} of the {Institute} for {Computer} {Sciences}, {Social} {Informatics} and {Telecommunications} {Engineering}}, publisher = {Springer}, author = {Poisel, Rainer and Rybnicek, Marlies and Tjoa, Simon}, year = {2014}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed, ⛔ No DOI found}, pages = {67--85}, } @article{poisel_evidence_2013, title = {Evidence and {Cloud} {Computing}: {The} {Virtual} {Machine} {Introspection} {Approach}}, volume = {4}, number = {1}, journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)}, author = {Poisel, Rainer and Malzer, Erich and Tjoa, Simon}, year = {2013}, keywords = {2013\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed, ⛔ No DOI found}, pages = {135--152}, } @article{poisel_classification_2013, title = {Classification and {Recovery} of {Fragmented} {Multimedia} {Files} using the {File} {Carving} {Approach}}, volume = {5}, number = {3}, journal = {International Journal of Mobile Computing and Multimedia Communications (IJMCMC)}, author = {Poisel, Rainer and Rybnicek, Marlies and Schildendorfer, Bernhard and Tjoa, Simon}, year = {2013}, keywords = {2013\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed, ⛔ No DOI found}, } @article{luh_penquest_2019, title = {{PenQuest}: a gamified attacker/defender meta model for cyber security assessment and education}, issn = {2263-8733}, url = {https://doi.org/10.1007/s11416-019-00342-x}, doi = {10/gh378z}, abstract = {Attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. At the same time, the complex interplay of attack techniques and possible countermeasures makes it difficult to appropriately plan, implement, and evaluate an organization’s defense. More often than not, the worlds of technical threats and organizational controls remain disjunct. In this article, we introduce PenQuest, a meta model designed to present a complete view on information system attacks and their mitigation while providing a tool for both semantic data enrichment and security education. PenQuest simulates time-enabled attacker/defender behavior as part of a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP 800-53. Attack patterns, vulnerabilities, and mitigating controls are mapped to counterpart strategies and concrete actions through practical, data-centric mechanisms. The gamified model considers and defines a wide range of actors, assets, and actions, thereby enabling the assessment of cyber risks while giving technical experts the opportunity to explore specific attack scenarios in the context of an abstracted IT infrastructure. We implemented PenQuest as a physical serious game prototype and successfully tested it in a higher education environment. Additional expert interviews helped evaluate the model’s applicability to information security scenarios.}, journal = {Journal of Computer Virology and Hacking Techniques}, author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian and Janicke, Helge}, month = nov, year = {2019}, keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Paper, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{geko_ontology_2018, address = {Ljubljana, Slovenia}, title = {An {Ontology} {Capturing} the {Interdependence} of the {General} {Data} {Protection} {Regulation} ({GDPR}) and {Information} {Security}}, doi = {10/gfxqw4}, booktitle = {{CECC} 2018: {Proceedings} of the {Central} {European} {Cybersecurity} {Conference} 2018}, publisher = {ACM}, author = {Geko, Melisa and Tjoa, Simon}, year = {2018}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{temper_applicability_2016, title = {The {Applicability} of {Fuzzy} {Rough} {Classifier} for {Continuous} {Person} {Authentication}}, doi = {10/gh3747}, publisher = {IEEE}, author = {Temper, Marlies and Tjoa, Simon}, year = {2016}, note = {Projekt: SmartphoneSec}, keywords = {Department Technologie, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{ouedraogo_keeping_2014, title = {Keeping an {Eye} on {Your} {Security} {Through} {Assurance} {Indicators}}, doi = {10/gh375c}, language = {Englisch}, publisher = {Scitpress DigitalLibrary}, author = {Ouedraogo, Moussa and Kuo, Chien-Ting and Tjoa, Simon and Preston, David and Dubois, Eric and Simoes, Paulo and Tiago, Cruz}, year = {2014}, note = {Projekt: SmartphoneSec}, keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Präsentation, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{wegerer_defeating_2016, title = {Defeating the {Database} {Adversary} {Using} {Deception} – {A} {MySQL} {Database} {Honeypot}}, doi = {10/gh3745}, publisher = {IEEE}, author = {Wegerer, Mathias and Tjoa, Simon}, year = {2016}, note = {Projekt: TARGET}, keywords = {Department Technologie, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @inproceedings{ryoo_ioe_2017, title = {{IoE} {Security} {Threats} and {You}}, doi = {10/gh374c}, booktitle = {International {Conference} on {Software} {Security} and {Assurance} ({ICSSA})}, publisher = {IEEE}, author = {Ryoo, Jungwoo and Kim, Soyoung and Cho, Junsung and Kim, Hyoungshick and Tjoa, Simon and Derobertis, Christopher}, year = {2017}, } @inproceedings{tjoa_open_2015, address = {Toulouse, France}, title = {An {Open} {Source} {Code} {Analyzer} and {Reviewer} ({OSCAR}) {Framework}}, doi = {10/gh3733}, booktitle = {2nd {International} {Workshop} on {Software} {Assurance}}, publisher = {IEEE}, author = {Tjoa, Simon and Kochberger, Patrick and Malin, Christoph and Schmoll, Andreas}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, } @article{kauspadiene_high-level_2017, title = {High-{Level} {Self}-{Sustaining} {Information} {Security} {Management} {Framework}}, volume = {5}, doi = {10/gh372r}, journal = {Baltic J. Modern Computing}, author = {KAUSPADIENE, Laima and CENYS, Antanas and GORANIN, Nikolaj and TJOA, Simon and RAMANAUSKAITE, Simona}, year = {2017}, keywords = {Department Technologie, FH SP Cyber Security, Institut für IT Sicherheitsforschung, Publiktationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, peer-reviewed}, pages = {107--123}, } @misc{tjoa_nostradamus_2019, address = {FH St. Pölten}, title = {Nostradamus 4.0 – {Die} {Wissenschaft} hinter {Vorhersagen}}, author = {Tjoa, Simon}, month = jan, year = {2019}, keywords = {FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science}, } @misc{tjoa_data_2018, address = {Wien}, title = {Data {Science} and {Business} {Analytics} - {Staune} was mit {Daten} alles möglich ist}, author = {Tjoa, Simon}, year = {2018}, keywords = {Department Technologie, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Vortrag, SP IT Sec Applied Security \& Data Science}, } @incollection{poisel_discussion_2012, series = {Lecture {Notes} in {Computer} {Science}}, title = {Discussion on the {Challenges} and {Opportunities} of {Cloud} {Forensics}}, volume = {7465}, booktitle = {Multidisciplinary {Research} and {Practice} for {Information} {Systems}}, publisher = {Springer}, author = {Poisel, Rainer and Tjoa, Simon}, year = {2012}, keywords = {FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security}, pages = {593--608}, } @incollection{poisel_discussion_2012-1, series = {Lecture {Notes} in {Computer} {Science}}, title = {Discussion on the {Challenges} and {Opportunities} of {Cloud} {Forensics}}, volume = {7465}, booktitle = {Multidisciplinary {Research} and {Practice} for {Information} {Systems}}, publisher = {Springer}, author = {Poisel, Rainer and Tjoa, Simon}, year = {2012}, keywords = {2012\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, pages = {593--608}, } @incollection{jakoubi_risk-aware_2010, series = {Springer {Optimization} and {Its} {Applications}}, title = {Risk-{Aware} {Business} {Process} {Management} - {Establishing} the {Link} {Between} {Business} and {Security}}, volume = {41}, language = {Englisch}, booktitle = {Complex {Intelligent} {Systems} and {Their} {Applications}}, publisher = {Springer-Verlag}, author = {Jakoubi, Stefan and Tjoa, Simon and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, pages = {109--135}, } @incollection{tjoa_modellierung_2015, series = {Xpert.press}, title = {Modellierung und {Simulation} kritischer {IKT} {Infrastrukturen} und deren {Abhängigkeiten}}, booktitle = {Cyber {Attack} {Information} {System} - {Erfahrungen} und {Erkenntnisse} aus der {IKT}-{Sicherheitsforschung}}, publisher = {Vieweg+Teubner Verlag}, author = {Tjoa, Simon and Rybnicek, Marlies}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy}, } @inproceedings{poisel_inhaltsbasierte_2012, address = {Graz, Österreich}, title = {Inhaltsbasierte {Wiederherstellung} multimedialer {Dateien}}, isbn = {3-902103-37-X}, booktitle = {6. {Forschungsforum} der Österreichischen {Fachhochschulen} - {Tagungsband} 1 {Informationstechnologie} als {Produktionsfaktor}}, publisher = {Eigenverlag FH Joanneum GmbH}, author = {Poisel, Rainer and Tjoa, Simon}, year = {2012}, keywords = {2012\_depT\_IT-Sec\_schrift, Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec System \& Application Security, peer-reviewed}, pages = {119--123}, } @misc{tjoa_neuer_2018, address = {Fachhochschule St. Pölten}, title = {Neuer {Studiengang} „{Data} {Science} and {Business} {Analytics}}, author = {Tjoa, Simon}, month = feb, year = {2018}, keywords = {FH SP Cyber Security, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec Applied Security \& Data Science, Vortrag}, } @misc{tjoa_data_2018-1, address = {FH St. Pölten}, title = {Data {Science} {Innovations}}, author = {Tjoa, Simon and Temper, Marlies}, month = jan, year = {2018}, keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, Vortrag}, } @misc{tjoa_campus_2018, title = {Campus {Talk} "{Data} {Science} studieren"}, url = {https://soundcloud.com/fhstp/campus-talk-data-science-studieren-mit-simon-tjoa}, author = {Tjoa, Simon}, year = {2018}, keywords = {Department Technologie, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Interview, SP IT Sec Applied Security \& Data Science}, } @misc{tjoa_big_2018, address = {Seoul, South Korea}, title = {Big {Challenges} – {Future} cyber-security challenges and the role of software security and assurance in the era of {IoT}, industry 4.0 and big data}, abstract = {In our modern society, every company is dependent on correct and reliable operation of information systems. The wide application of software products in critical processes can result in serious risks when vulnerabilities are exploited. Software security and assurance are therefore vital to ensure certain level of security and confidence of written software artefacts. In his talk, Prof. Tjoa will highlight future challenges in cyber-security and how the relate to the conference themes software security and assurance.}, author = {Tjoa, Simon}, year = {2018}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Vortrag, SP IT Sec Applied Security \& Data Science, SP IT Sec Security Management \& Privacy, SP IT Sec System \& Application Security}, } @inproceedings{jakoubi_formal_2010, address = {Krakow, Poland}, title = {A {Formal} {Approach} {Towards} {Risk}-{Aware} {Service} {Level} {Analysis} and {Planning}}, language = {Englisch}, booktitle = {International {Conference} on {Availability}, {Reliability}, and {Security} ({ARES}'10)}, publisher = {IEEE Computer Society}, author = {Jakoubi, Stefan and Tjoa, Simon and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {180--187}, } @inproceedings{jakoubi_roadmap_2009, address = {Biopolis, Singapore}, title = {A roadmap to risk-aware business process management.}, booktitle = {{IEEE} {Asia}-{Pacific} {Services} {Computing} {Conference} ({IEEE} {APSCC}'09)}, publisher = {IEEE Computer Society}, author = {Jakoubi, Stefan and Neubauer, Thomas and Tjoa, Simon}, year = {2009}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, Studiengang Physiotherapie, ⛔ No DOI found}, pages = {23--27}, } @inproceedings{tjoa_planning_2010, address = {Krakow, Poland}, title = {Planning {Dynamic} {Activity} and {Resource} {Allocations} {Using} a {Risk}-{Aware} {Business} {Process} {Management} {Approach}}, booktitle = {International {Conference} on {Availability}, {Reliability}, and {Security} ({ARES}'10)}, publisher = {IEEE Computer Society}, author = {Tjoa, Simon and Jakoubi, Stefan and Goluch, Sigrun and Kitzler, Gerhard}, year = {2010}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Security Management \& Privacy, ⛔ No DOI found}, pages = {268--274}, }