Publications

Some of the downloadable files are authors' versions or pre-prints. See also the respective disclaimers.

2021

1. Goeke, L.; Pape, S. and Tsakirakis, G.: THREAT-ARREST serious games v2. Technical Report Deliverable 4.9, Threat-Arrest, 2021.
   
2. Schmitz, C.; Schmid, M.; Harborth, D. and Pape, S.: Maturity Level Assessments of Information Security Controls: An Empirical Analysis of Practitioners' Assessment Capabilities. In Computers & Security, 108, 2021.
   
3. Pape, S. and Kipker, D-K.: Case Study: Checking a Serious Security-Awareness Game for its Legal Adequacy. In Datenschutz und Datensicherheit, 45 (5): 310-314, 2021.
   

2020

4. Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security. In Computers & Security, 90, 2020.
   
5. Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.: On the use of Information Security Management Systems by German Energy Providers. In Presented at the Fourteenth IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, 2020.
   
6. Miller, V. M.; Miller, M.; Rannenberg, K.; Niknia, A.; Arastouei, N.; Pape, S.; Skarmeta, A.; Ferreira, A.; Markatos, E.; Matyas, V.; Crabu, M.; Lopez, J.; Fernandez, C.; Pasic, A.; Omerovic, A.; Lafuente, A. L.; Angelini, M.; Hemetsberger, L.; Halunen, K.; Krenn, S.; Annicchino, P.; Kamm, L.; Goodman, D.; Goodman, R.; Surinx, D.; Preuveneers, D.; Sterlini, P.; Kadenko, N.; Douligeris, C. and Benzekri, A.: Clustering results and SU-ICT-03 project CONCERTATION conference year 1. Technical Report, CyberSec4Europe, 2020.
   
7. Halunen, K.; Cheminod, M.; Beckerle, M.; Durante, L.; Preuveneers, D.; Kompara, M.; Martinie, C.; Bernabe, J. B.; Garofalo, G.; Tesfay, W. B.; Pape, S.; Palanque, P.; Crispo, B. and Gupta, S.: Usable security & privacy methods and recommendations. Technical Report, CyberSec4Europe, 2020.
   
8. Crispo, B.; Gupta, S.; Halunen, K.; Kompara, M.; Preuveneers, D.; Palanque, P.; Beckerle, M.; Martinie, C.; Hita, A. and Pape, S.: Usability Requirements Validation. Technical Report, CyberSec4Europe, 2020.
   
9. Frati, F. and Braghin, C., ed.: The Stakeholders' Engagement & Online Channels Report. Technical Report, Threat-Arrest, 2020.
   
10. Sofia, S.; Konstantina, K.; Tsantekidis, M.; Pape, S.; Leftheriotis, G.; Chieti, A.; Oikonomou, F. and Bravos, G.: The THREAT-ARREST dissemination and exploitation report v.1 1. Technical Report Deliverable 8.5, Threat-Arrest, 2020.
    
11. Koshutanski, H.; Frati, F.; Hildebrandt, T.; Hatzivasilis, G.; Fysarakis, K.; Smyrlis, M.; Spanoudakis, G.; Blinder, O.; Goeke, L.; Pape, S.; Leftheriotis, G.; Tsakirakis, G.; Bravos, G. and Kunc, M.: Initial Prototype of Integrated THREAT-ARREST Platform. Technical Report, Threat-Arrest, 2020.
    
12. Koshutanski, H.; Frati, F.; Hildebrandt, T.; Hatzivasilis, G.; Fysarakis, K.; Smyrlis, M.; Spanoudaki, S.; Spanoudakis, G.; Blinder, O.; Goeke, L.; Quintanar, A.; Pape, S.; Tsakirakis, G. and Bravos, G.: Initial installation and usage guidelines for the THREAT-ARREST platform. Technical Report, Threat-Arrest, 2020.
    
13. Pape, S.; Paci, F.; Juerjens, J. and Massacci, F.: Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach. In Information, 11 (5), 2020.
    
14. Schmitz, C.; Sekulla, A. and Pape, S.: Asset-centric analysis and visualisation of attack trees. In Graphical Models for Security - 7th International Workshop, GraMSec@CSF 2020, Boston, MA, USA, Virtual Conference, June 22, 2020, Revised Selected Papers, pages 45-64, Springer, LNCS 12419, 2020.
    
15. Hazilov, V. and Pape, S.: Systematic Scenario Creation for Serious Security-Awareness Games. In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.
    
16. Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz. In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
    
17. Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
    
18. Canavese, D.; Lioy, A.; Pedone, I.; Regano, L.; Hatamian, M.; Löbner, S.; Pape, S.; Arastouei, N.; Skarmeta, A.; Hita, A. and Bernal, J.: Cybersecurity outlook 1. Technical Report, CyberSec4Europe, 2020.
    

2019

19. Hatamian, M.; Pape, S. and Rannenberg, K.: ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment. In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 165-179, 2019, Acceptance rate: 26 / 142 = 18.3%.
    
20. Schmid, M. and Pape, S.: A structured comparison of the corporate information security. In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.
    
21. Hamm, P.; Harborth, D. and Pape, S.: A Systematic Analysis of User Evaluations in Security Research. In Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, Canterbury, UK, August 26-29, 2019, ACM, 2019.
    
22. Schmid, M.; Akarkach, K. and Pape, S.: Comparison of different aggregated information security control maturities from AHP ranked companies (Extended abstract). In Preproceedings of IFIP Summer School on Privacy and Identity Management - Data for Better Living: AI and Privacy 2019 (IFIPSC2019), 2019.
    
23. Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks. In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
    
24. Pape, S. and Stankovic, J.: An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security. In Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, ADIoT, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 287-306, Springer International Publishing, Cham, LNCS 11980, 2019.
    
25. Sekulla, A.; Schmitz, C.; Pape, S. and Pipek, V.: Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur. In Human Practice. Digital Ecologies. Our Future. 14. Internationale Tagung Wirtschaftsinformatik (WI 2019), February 24-27, 2019, Siegen, Germany, pages 1978, 2019.
    
26. Schmid, M. and Pape, S.: Aggregating Corporate Information Security Maturity Levels of Different Assets. In Privacy and Identity Management. Data for Better Living: AI and Privacy - 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19-23, 2019, Revised Selected Papers, pages 376-392, Springer Boston, IFIP Advances in Information and Communication Technology , 2019.
    
27. Koshutanski, H.; Tsantekidis, M.; Damiani, E.; Frati, F.; Cimato, S.; Riccobene, E.; Hatzivasilis, G.; Fysarakis, K.; Spanoudakis, G.; Blinder, O.; Vinov, M.; Hildebrandt, T.; Wortmann, D.; Rompoti, V.; Bravos, G.; Chatzigiannakis, V.; Beckers, K.; Pape, S.; Kunc, M. and Bašta, P.: THREAT-ARREST platform's initial reference architecture. Technical Report Deliverable 1.3, Threat-Arrest, 2019.
    
28. Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1. Technical Report Deliverable 4.2, Threat-Arrest, 2019.
    

2018

29. Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game. In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
    
30. Dax, J.; Hamburg, D.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE). In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 29, Universität der Bundeswehr, Neubiberg, 2018.
    
31. Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 69-74, Universität der Bundeswehr, Neubiberg, 2018.
    
32. Dax, J.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Das SIDATE-Portal im Einsatz. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 145-150, Universität der Bundeswehr, Neubiberg, 2018.
    
33. Hamburg, D.; Niephaus, T.; Noll, W.; Pape, S.; Rannenberg, K. and Schmitz, C.: SIDATE: Gefährdungen und Sicherheitsmassnahmen. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 51, Universität der Bundeswehr, Neubiberg, 2018.
    
34. Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings. In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
    
35. Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Stand zur IT-Sicherheit deutscher Stromnetzbetreiber : technischer Bericht. Technical Report, Universität Siegen, 2018.
    
36. Pape, S. and Rannenberg, K.: Cyber-Gefahren auf dem Radar. In ManagementKompass: Unternehmen schützen -- Risiken minimieren, November (03): pages 9-12, 2018.
    
37. Schmitz, C.; Sekula, A.; Pape, S.; Pipek, V. and Rannenberg, K.: Easing the Burden of Security Self-Assessments. In 12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ,Dundee, Scotland, August 29-31, 2018, Proceedings., 2018.
    

2017

38. Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment. In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
    
39. Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.: A Structured Comparison of Social Engineering Intelligence Gathering Tools. In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
    
40. Dax, J.; Ivan, A.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: IT Security Status of German Energy Providers. Technical Report, Cornell University, arXiv, 2017.
    
41. Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand zur IT-Sicherheit deutscher Stromnetzbetreiber : technischer Bericht. Technical Report, Universität Siegen, 2017.
    
42. Pape, S.: Technische Bedingungen wirksamer Verschlüsselung. In Jahrbuch 2016, Deutsche Gesellschaft für Recht und Informatik, 2017, available via https://www.dgri.de/55/Publikationen/Schriftenreihe-der-DGRI.htm.
    
43. Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie. In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
    
44. Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies. In Information and Computer Security, 25 (2): 206-222, 2017.
    

2016

45. Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements. In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
    
46. Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering. In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
    
47. Dax, J.; Hamburg, D.; Kreusch, M.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Terhaag, F.: Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger. In Multikonferenz Wirtschaftsinformatik (MKWI) -- Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.
    
48. Dax, J.; Ley, B.; Pape, S.; Schmitz, C.; Pipek, V. and Rannenberg, K.: Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions. In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    
49. Schaab, P.; Beckers, K. and Pape, S.: A systematic Gap Analysis of Social Engineering Defence Mechanisms considering Social Psychology. In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
    

2014

50. Pape, S.: Authentication in Insecure Environments -- Using Visual Cryptography and Non-Transferable Credentials in Practise. Springer Vieweg, Research , 2014.
    

2013

51. Bleikertz, S.; Mastelic, T.; Pape, S.; Pieters, W. and Dimkov, T.: Defining the Cloud Battlefield -- Supporting Security Assessments by Cloud Customers. In Proceedings of IEEE International Conference on Cloud Engineering (IC2E), pages 78-87, 2013, Acceptance rate: 22 / 107 = 20.6%.
    
52. Pape, S.: The Challenge of Authentication in Insecure Environments.
    

2012

53. Ochoa, M.; Pape, S.; Ruhroth, T.; Sprick, B.; Stenzel, K. and Sudbrock, H.: Report on the RS3 Topic Workshop "Security Properties in Software Engineering". Technical Report, Universitätsbibliothek der Universität Augsburg, Universitätsstr. 22, 86159 Augsburg, 2012.