Team

FH-Prof. Mag. Dr. Simon Tjoa

  • Head of Department
  • Academic Director Cyber Security and Resilience (MA)
  • Head of Research Institute
    Institute of IT Security Research
  • Department of Computer Science and Security
Location: B - Campus-Platz 1
M: +43/676/847 228 641

Study programmes

  • Cyber Security and Resilience (MA)
  • Digital Innovation and Research (MA)
  • Management and Digital Business (BA)
  • Digital Healthcare (MA)
  • IT Security (BA)
  • IT-Security Expert (acad.)
  • Information Security (MA)

Departments

  • Computer Science and Security
  • Media and Digital Technologies
  • Digital Business and Innovation

Publications

Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Cyber Resilience Fundamentals (Vol. 1). Springer.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Testing and Improving Cyber Resilience. In Cyber Resilience Fundamentals (pp. 105–124). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Building Cyber Resilience. In Cyber Resilience Fundamentals (pp. 61–79). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Cyber Resilience Fundamentals. In Cyber Resilience Fundamentals (pp. 13–21). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Resilient Operations. In Cyber Resilience Fundamentals (pp. 81–89). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Managing the Cyber Resilience Process. In Cyber Resilience Fundamentals (pp. 37–46). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Standards and Best Practices. In Cyber Resilience Fundamentals (pp. 23–35). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Reacting to Cyber Incidents. In Cyber Resilience Fundamentals (pp. 91–104). Springer International Publishing.
Tjoa, S., Gafic, M., & Kieseberg, P. (2024). Analyzing the Organization. In Cyber Resilience Fundamentals (pp. 47–59). Springer International Publishing.
Kieseberg, P., Tjoa, S., & Holzinger, A. (2024). Controllable Artificial Intelligence. ERCIM News, 136, 46–47.
König, L., Pirker, M., Geyer, H., Feldmann, M., Tjoa, S., & Kieseberg, P. (2023). DISA - A Blockchain-Based Distributed Information Security Audit. Information Integration and Web Intelligence, 27–34. https://doi.org/10.1007/978-3-031-48316-5_4
Kieseberg, P., Tjoa, S., & Holzinger, A. (2023). AI kontrolliert einsetzen – Trustworthy AI, Controllable AI und Beschaffung sicherer AI. USANCEN, 1, 15–17.
Kieseberg, P., Tjoa, S., & Holzinger, A. (2023). Procurement of Secure AI – A Practical Guide. ERCIM-News, 135, 36–37.
Tjoa, S., Temper, P. K. M., Temper, M., Zanol, J., Wagner, M., & Holzinger, A. (2022). AIRMan: An Artificial Intelligence (AI) Risk Management System. 2022 International Conference on Advanced Enterprise Information System (AEIS), 72–81. https://doi.org/10.1109/AEIS59450.2022.00017
Kieseberg, P., Buttinger, C., Kaltenbrunner, L., Temper, M., & Tjoa, S. (2022, July 18). Security considerations for the procurement and acquisition of Artificial Intelligence (AI) systems. 2022 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE), Padua.
Thron, R., Dirnberger, H., Tjoa, S., & Quirchmayer, G. (2022). Requirements and Challenges for Digital Forensic Readiness in Industrial Automation and Control Systems. IEIM 2022: 2022 The 3rd International Conference on Industrial Engineering and Industrial Management, 232–238. https://doi.org/10.1145/3524338.3524374
Hense, J., Tjoa, S., & Kieseberg, P. (2022). Fighting Cybercrime through Education: Integration of an Educational Cyber Defence Centre into Cyber Security Curricula. ERCIM News, 129, 38–39. https://ercim-news.ercim.eu/images/stories/EN129/EN129-web.pdf
König, L., & Tjoa, S. (2022). A Design Thinking Approach on Information Security. AINA 2022: Advanced Information Networking and Applications, 503–515. https://doi.org/10.1007/978-3-030-99587-4_42
Lang-Muhr, C., Tjoa, S., Machherndl, S., & Haslinger, D. (2022). Business Continuity & Disaster Recovery A simulation game for holistic cyber security education. 2022 IEEE Global Engineering Education Conference (EDUCON), 1296–1302. https://doi.org/10.1109/EDUCON52537.2022.9766714
Kieseberg, P., & Tjoa, S. (2022). Guest Editorial: Special Issue on the ARES-Workshops 2021. JoWUA, 13(1), 1–3. https://doi.org/DOI:/10.22667/JOWUA.2022.03.31.001
Zanol, J., Buchelt, A., Tjoa, S., & Kieseberg, P. (2022, February 24). What is "AI"? Exploring the scope of the "Artificial Intelligence Act." Tagungsband IRIS 2022. IRIS Internationales Rechtsinformatik Symposium. https://jusletter-it.weblaw.ch/dam/publicationsystem_leges/iris2022/zanoal_et_al_what_is_ai.pdf
Thron, R., Dirnberger, H., Tjoa, S., & Quirchmayr, G. (2022). Requirements and Challenges for Digital Forensic Readiness in Industrial Automation and Control Systems. 2022 The 3rd International Conference on Industrial Engineering and Industrial Management, 232–238. https://doi.org/10.1145/3524338.3524374
Gafic, M., Tjoa, S., & Kieseberg, P. (2022). A Novel Approach Integrating Design Thinking Techniques in Cyber Exercise Development. Proceedings of the International Conference on Applied CyberSecurity (ACS) 2021, 103–113. https://doi.org/10.1007/978-3-030-95918-0_11
Gafic, M., Tjoa, S., Kieseberg, P., Hellwig, O., & Quirchmayer, G. (2022). Cyber Exercises in Computer Science Education. Proceedings of the 8th International Conference on Information Systems and Privacy (ICISSP), 404–411. https://doi.org/10.5220/0010845800003120
Lang-Muhr, C., Tjoa, S., Machherndl, S., & Haslinger, D. (2022). Business Continuity & Disaster Recovery A simulation game for holistic cyber security education. 2022 IEEE Global Engineering Education Conference (EDUCON), 1296–1302. https://doi.org/10.1109/EDUCON52537.2022.9766714
Kieseberg, P., Bechtel, T., & Tjoa, S. (2021, October 11). Evaluation of Password Replacement Schemes. Proceedings 2021 International Conference on Software Security and Assurance (ICSSA), IEEE. 2021 International Conference on Software Security and Assurance (ICSSA), IEEE, Penn State University Altoona, Pennsilvania, USA.
Kieseberg, P., Tjoa, S., & Geyer, H. (2021). Security Management and the Slow Adoption of Blockchains. ERCIM News, 125, 47–48.
Kieseberg, P., & Tjoa, S. (2021). Guest Editorial: Special Issue on the ARES-Workshops 2020. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 12(1), 1–2. https://doi.org/10/gn4zmk
Tjoa, S. (2021). Cyber-Security-Studium an der FH St. Pölten. Cyber-Security-Guide.
Eigner, O., Eresheim, S., Kieseberg, P., Klausner, L. D., Pirker, M., Priebe, T., Tjoa, S., Marulli, F., Mercaldo, F., & Priebe, T. (2021). Towards Resilient Artificial Intelligence: Survey and Research Issues. Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, 536–542. https://doi.org/10.1109/CSR51186.2021.9527986
König, L., Korobeinikova, Y., Kieseberg, P., & Tjoa, S. (2020). Comparing Blockchain Standards and Recommendations. Future Internet 2020, Future Internet 2020. https://doi.org/10.3390/fi12120222
Tjoa, S., Buttinger, C., Holzinger, K., & Kieseberg, P. (2020). Penetration Testing Artificial Intelligence. ERCIM News, 123, 36–37. https://phaidra.fhstp.ac.at/o:4338
König, L., Unger, S., Kieseberg, P., & Tjoa, S. (2020). The Risks of the Blockchain A Review on Current Vulnerabilities and Attacks. Journal of Internet Services and Information Security (JISIS), Volume: 10, Number: 3, Volume 10, 110–127. https://doi.org/10.22667/JISIS.2020.08.31.110
Luh, R., Temper, M., Tjoa, S., Schrittwieser, S., & Janicke, H. (2019). PenQuest: a gamified attacker/defender meta model for cyber security assessment and education. Journal of Computer Virology and Hacking Techniques. https://doi.org/10/gh378z
Tjoa, S. (2019, January 29). Nostradamus 4.0 – Die Wissenschaft hinter Vorhersagen. Security Day, FH St. Pölten.
Tjoa, S. (2018, February 20). Neuer Studiengang „Data Science and Business Analytics. Studiengangbeirat, Fachhochschule St. Pölten.
Geko, M., & Tjoa, S. (2018). An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security. CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018. CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018, Ljubljana, Slovenia. https://doi.org/10/gfxqw4
Tjoa, S. (2018). Data Science and Business Analytics - Staune was mit Daten alles möglich ist. BEST, Wien.
Luh, Robert, Temper, M., Tjoa, S., & Schrittwieser, S. (2018). APT RPG: Design of a Gamified Attacker/Defender Meta Model. International Workshop on FORmal Methods for Security Engineering. International Workshop on FORmal methods for Security Engineering.
Rieger, D., & Tjoa, S. (2018). A Readiness Model for Measuring the Maturity of Cyber Security Incident Management. International Conference on Intelligent Networking and Collaborative Systems (INCoS-2018).
Tjoa, S. (2018). Campus Talk "Data Science studieren" [Campus & City Radio 94.4]. https://soundcloud.com/fhstp/campus-talk-data-science-studieren-mit-simon-tjoa
Tjoa, S., & Temper, M. (2018, January 30). Data Science Innovations. Security Day, FH St. Pölten.
Tjoa, S. (2018). Big Challenges – Future cyber-security challenges and the role of software security and assurance in the era of IoT, industry 4.0 and big data. ICSSA Konferenz, Seoul, South Korea.
Ryoo, J., Kim, S., Cho, J., Kim, H., Tjoa, S., & Derobertis, C. (2017). IoE Security Threats and You. International Conference on Software Security and Assurance (ICSSA). ICSSA 2017. https://doi.org/10/gh374c
KAUSPADIENE, L., CENYS, A., GORANIN, N., TJOA, S., & RAMANAUSKAITE, S. (2017). High-Level Self-Sustaining Information Security Management Framework. Baltic J. Modern Computing, 5, 107–123. https://doi.org/10/gh372r
Tjoa, A. M., & Tjoa, S. (2016). The Role of ICT to Achieve the UN Sustainable Development Goals (SDG). ICT for Promoting Human Development and Protecting the Environment, 3–13. https://doi.org/10/gnt2t4
Temper, M., & Tjoa, S. (2016). The Applicability of Fuzzy Rough Classifier for Continuous Person Authentication. the 2016 International Conference on Software Security and Assurance (ICSSA). https://doi.org/10/gh3747
Wegerer, M., & Tjoa, S. (2016). Defeating the Database Adversary Using Deception – A MySQL Database Honeypot. 2016 International Conference on Software Security and Assurance (ICSSA). https://doi.org/10/gh3745
Temper, M., Tjoa, S., & Kaiser, M. (2015). Touch to Authenticate – Continuous Biometric Authentication on Mobile Devices. International Conference on Software Security and Assurance (ICSSA), Korea. https://doi.org/10/gnt2t9
Koinig, U., Tjoa, S., & Ryoo, J. (2015). Contrology - an ontology-based cloud assurance approach. IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). https://doi.org/10/gnt2vc
Tjoa, S., & Rybnicek, M. (2015). Modellierung und Simulation kritischer IKT Infrastrukturen und deren Abhängigkeiten. In Cyber Attack Information System - Erfahrungen und Erkenntnisse aus der IKT-Sicherheitsforschung. Vieweg+Teubner Verlag.
Tjoa, S., Kochberger, P., Malin, C., & Schmoll, A. (2015). An Open Source Code Analyzer and Reviewer (OSCAR) Framework. 2nd International Workshop on Software Assurance. https://doi.org/10/gh3733
Rybnicek, M., Tjoa, S., & Poisel, R. (2014). Simulation-based Cyber-Attack Assessment of Critical Infrastructures. Lecture Notes in Business Information Processing. 10th International Workshop on Enterprise & Organizational Modeling and Simulation (EOMAS 2014), Thessaloniki, Griechenland. https://doi.org/10/gnt2vb
Poisel, R., Rybnicek, M., & Tjoa, S. (2014). Taxonomy of Data Fragment Classification Technique. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 132, 67–85.
Ouedraogo, M., Kuo, C.-T., Tjoa, S., Preston, D., Dubois, E., Simoes, P., & Tiago, C. (2014). Keeping an Eye on Your Security Through Assurance Indicators. 12th International Conference on Security and Cryptography (SECRYPT). https://doi.org/10/gh375c
Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Automatisierte Akquise und Auswertung kinderpornographischer Inhalte. 7. Forschungsforum der Österreichischen Fachhochschulen.
Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Facebook Watchdog: A Research Agenda For Detecting Online Grooming and Bullying Activities. IEEE International Conference on Systems, Man, and Cybernetics (SMC). https://doi.org/10/gnt2tq
Schrattenholzer, M., Ruzicka, M., Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Wer spielt gewinnt. D-A-CH Security.
Poisel, R., Rybnicek, M., & Tjoa, S. (2013). Game-based Simulation of Distributed Denial of Service (DDoS) Attack and Defense Mechanisms of Critical Infrastructures. International Conference on Advanced Information Networking and Applications (AINA). https://doi.org/10/gnt2ts
Poisel, R., Rybnicek, M., Schildendorfer, B., & Tjoa, S. (2013). Classification and Recovery of Fragmented Multimedia Files using the File Carving Approach. International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 5(3).
Poisel, R., Malzer, E., & Tjoa, S. (2013). Evidence and Cloud Computing: The Virtual Machine Introspection Approach. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 4(1), 135–152.
Poisel, R., & Tjoa, S. (2012). Inhaltsbasierte Wiederherstellung multimedialer Dateien. 6. Forschungsforum Der Österreichischen Fachhochschulen - Tagungsband 1 Informationstechnologie Als Produktionsfaktor, 119–123.
Rybnicek, M., Poisel, R., Ruzicka, M., & Tjoa, S. (2012). A Generic Approach to Critical Infrastructures Modeling and Simulation. ASE International Conference on Cyber Security. https://doi.org/10/gnt2tt
Poisel, R., & Tjoa, S. (2012). Discussion on the Challenges and Opportunities of Cloud Forensics. In Multidisciplinary Research and Practice for Information Systems (Vol. 7465, pp. 593–608). Springer.
Poisel, R., & Tjoa, S. (2012). Discussion on the Challenges and Opportunities of Cloud Forensics. In Multidisciplinary Research and Practice for Information Systems (Vol. 7465, pp. 593–608). Springer.
Fischer, M., Rybnicek, M., & Tjoa, S. (2012). A Novel Palm Vein Recognition Approach Based on Enhanced Local Gabor Binary Patterns Histogram Sequence. 19th International Conference on Systems, Signals and Image Processing (IWSSIP"12), 429–432. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6208168
Tjoa, S., Jakoubi, S., Goluch, G., Kitzler, G., Goluch, S., & Quirchmayr, G. (2011). A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation. IEEE Transactions on Services Computing, 4(2), 153–166. https://doi.org/10/cg8knv
Tjoa, S., & Poisel, R. (2011). A reference architecture for a scalable digital forensics toolkit. 5. Forschungsforum Der Österreichischen Fachhochschulen.
Poisel, R., & Tjoa, S. (2011). Roadmap to Approaches for Carving of Fragmented Multimedia Files. Proceedings of The Fourth International Workshop on Digital Forensics (WSDF"11), 752–757.
Poisel, R., & Tjoa, S. (2011). Forensics Investigations of Multimedia Data: A Review of the State-of-the-Art. Proceedings of the 6th International Conference on IT Security Incident Management & IT Forensics, 48–61.
Poisel, R., Tjoa, S., & Tavolato, P. (2011). Advanced File Carving Approaches for Multimedia Files. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2(4), 40–57.
Jakoubi, S., Tjoa, S., Goluch, S., & Kitzler, G. (2010). A Formal Approach Towards Risk-Aware Service Level Analysis and Planning. International Conference on Availability, Reliability, and Security (ARES"10), 180–187.
Tjoa, S., Jakoubi, S., Goluch, S., & Kitzler, G. (2010). Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach. International Conference on Availability, Reliability, and Security (ARES"10), 268–274.
Jakoubi, S., Tjoa, S., Goluch, S., & Kitzler, G. (2010). Risk-Aware Business Process Management - Establishing the Link Between Business and Security. In Complex Intelligent Systems and Their Applications (Vol. 41, pp. 109–135). Springer-Verlag.
Jakoubi, S., Neubauer, T., & Tjoa, S. (2009). A roadmap to risk-aware business process management. IEEE Asia-Pacific Services Computing Conference (IEEE APSCC"09), 23–27.

Click here for the complete profile on www.fhstp.ac.at