Prof. Steven M. Furnell BSc(Hons) PhD CEng FBCS CITP SMIEEE F.Inst.ISP PFHEA
Professor of Information Security
Brief biographical information
steven.furnell@plymouth.ac.uk
Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University (UK), an Adjunct Professor with Edith Cowan University (Western Australia) and an Honorary Professor with Nelson Mandela University (South Africa). His interests include mobile device security, cybercrime, user authentication, and security usability. Prof. Furnell is the author of over 320 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). He is also the editor-in-chief of Information & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium (www.haisa.org). Steve is active in a variety of professional bodies, and is a Fellow of the BCS, a Senior Member of the IEEE, and a Board Member of the Chartered Institute of Information Security. Steve has also produced a variety of security podcasts, available via www.cscan.org/podcasts.
Research interests
- Cyber Security / IT Security
- User authentication and biometrics
- Cyber crime and abuse
- Intrusion detection and response
- Security awareness and culture
- Human aspects and usable security
Education/qualifications
1997-1998 SEDA Accredited Teacher of Higher Education, University of Plymouth
1992-1995 Ph.D., "Data Security in European Healthcare Information Systems"
1988-1992 B.Sc. (Hons) Computing and Informatics (1)
Professional memberships
Fellow, British Computer Society
Chartered Engineer
Chartered Information Technology Professional
Chair, IFIP Technical Committee 11 (TC11) - Security and Privacy Protection in Information Processing Systems
Member, IFIP TC11 Working Group 11.1 on Information Security Management
Member, IFIP TC11 Working Group 11.8 on Information Security Education
Member, IFIP TC11 Working Group 11.12 on Human Aspects of Information Security and Assurance
Senior Member, Institute of Electrical and Electronic Engineers
Fellow and Board Member, Chartered Institute of Information Security
Principal Fellow, Higher Education Academy
External appointments
Adjunct Professor, Edith Cowan University, Perth, Western Australia (2007-present)
Honorary Professor, Nelson Mandela University, South Africa (2015-present)
Visiting Professor, University of Suffolk, UK (2019-present)
Journal papers
Information security collaboration formation in organisations | |
Towards Bayesian-based Trust Management for Insider Attacks in Healthcare Software-Defined Networks | |
Enhancing security behaviour by supporting the user | |
The ABC of ransomware protection | |
Security education and awareness: just let them burn? | |
A toolkit approach to information security awareness and education | |
A novel privacy preserving user identification approach for network traffic | |
Can't get the staff? The growing need for cyber-security skills | |
AndroDialysis: Analysis of Android Intent Effectiveness in Malware Detection | |
Evaluating the effect of guidance and feedback upon password compliance | |
Literature Studies on Security Warnings Development | |
Identifying Users by Network Traffic Metadata | |
Graphical One-Time Password (GOTPass): A usability evaluation | |
Leveraging Biometrics for Insider Misuse Identification | |
The usability of security - revisited | |
Assessing Staff Acceptance and Compliance with Information Security | |
A suspect-oriented intelligent and automated computer forensic analysis | |
Awareness of Mobile Device Security: A Survey of User's Attitudes | |
A Novel Taxonomy for Mobile Applications Data | |
A Fine-Grained Analysis of User Activity on Mobile Applications: The Sensitivity Level Perception | |
A Conceptual Model for Cultivating an Information Security Culture | |
Secure Graphical One Time Password (GOTPass): An Empirical Study | |
A forensic acquisition and analysis system for IaaS | |
Continuous and transparent multimodal authentication: reviewing the state of the art | |
Continuous user authentication using multi-modal biometrics | |
The Price of Patching | |
Factors for Measuring Password-Based Authentication Practices | |
D-FICCA: A Density-based Fuzzy Imperialist Competitive Clustering Algorithm for Intrusion Detection in Wireless Sensor Networks | |
Investigating the Viability of Multifactor Graphical Passwords for User Authentication | |
Co-operative user identity verification using an Authentication Aura | |
A response selection model for intrusion response systems: Response Strategy Model (RSM) | |
Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM) | |
Power to the people? The evolving recognition of human aspects of security | |
Authentication Aura - A distributed approach to user authentication | |
Massively Multi-Player Online Role Playing Games: What’s the Risk? | |
Establishing A Personalized Information Security Culture | |
Comparing Intentions to Use University-Provided vs. Vendor-Provided Multibiometric Authentication in Online Exams | |
Online Addiction: A Cultural Comparison of Privacy Risks in Online Gaming Environments | |
A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm | |
Assessing image-based authentication techniques in a web-based environment | |
Mac security: An Apple that can't be bitten? | |
Social engineering: assessing vulnerabilities in practice | |
From culture to disobedience: Recognising the varying user acceptance of IT security | |
Scare tactics – A viable weapon in the security war? | |
A Friend Mechanism for Mobile Ad Hoc Networks | |
Securing the next generation: enhancing e-safety awareness among young people | |
From desktop to mobile: Examining the security experience | |
Security beliefs and barriers for novice Internet users | |
Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks | |
Who guides the little guy? Exploring security advice and guidance from retailers and ISPs | |
Self-preservation among online prey | |
It's a jungle out there: Predators, prey and protection in the online wilderness | |
Beyond the PIN: Enhancing user authentication for mobile devices | |
End-user security culture: A lesson that will never be learnt? | |
Testing our defences or defending our tests: the obstacles to performing security assessment | |
Identity impairment: The problems facing victims of identity fraud | |
Considering the potential of criminal profiling to combat hacking | |
A non-intrusive biometric authentication mechanism utilising physiological characteristics of the human head | |
Making security usable: Are things improving? | |
Assessing the security perceptions of personal Internet users | |
Phishing: can we spot the signs? | |
Public awareness and perceptions of biometrics | |
Analysis of security-relevant semantics of BPEL in cross-domain defined business processes | |
A new taxonomy for comparing intrusion detection systems | |
Advanced user authentication for mobile devices | |
Malicious or misinformed? Exploring a contributor to the insider threat | |
Securing the home worker | |
Risk and Restitution: Assessing how users establish online trust | |
Security mobile devices: technology and attitude | |
A Composite User Authentication Architecture for Mobile Devices | |
Towards an Insider Threat Prediction Specification Language | |
Authenticating Mobile Phone Users Using Keystroke Analysis | |
Safety in numbers? Early experiences in the age of chip and PIN | |
Usability pitfalls in Wireless LAN Security | |
The challenges of understanding and using security: A survey of end-users | |
Replacing passwords: In search of the secret remedy | |
The role of academic qualifications in the IT security profession | |
Barriers to usable security in end-user applications | |
Informing the decision process in an automated intrusion response system | |
Authentication of users on mobile telephones - A survey of attitudes and practices | |
Biometrics - The promise versus the practice | |
A Preliminary Model of End User Sophistication for Insider Threat Prediction in IT Systems | |
Why users cannot use security | |
An automated framework for managing security vulnerabilities | |
Biometrics: No silver bullets | |
Internet threats to end-users: Hunting easy prey | |
Handheld hazards: The rise of malware on mobile devices | |
Authenticating ourselves: will we ever escape the password? | |
E-commerce security: a question of trust | |
Qualified to help: In search of the skills to ensure security | |
Malware comes of age: The arrival of the true computer parasite | |
Getting caught in the phishing net | |
When vulnerability reports can work against us | |
IDS or IPS: what is best? | |
Multi-Dimensional-Personalisation for the online & offline world | |
A long-term trial of alternative user authentication technologies | |
Using security: easier said than done? | |
Helping us to help ourselves: assessing administrators? use of security analysis tools | |
Hacking begins at home: Are company networks at risk from home computers? | |
Vulnerability exploitation: the problem of protecting our weakest links | |
The Effects of Audio and Video Correlation and Lip Synchronization | |
Keystroke Dynamics on a Mobile Handset: A Feasibility Study | |
Endpoint study of Internet paths and web pages transfers | |
A Model for Monitoring and Migrating Web Resources | |
Considering the Problem of Insider IT Misuse | |
Enhancing Response in Intrusion Detection Systems | |
A prototype tool for information security awareness and training | |
Assessing the global accessibility of the Internet | |
An experimental comparison of secret-based user authentication | |
Insider Threat Prediction Tool: Evaluating the probability of IT misuse | |
Acceptance of subscriber authentication methods for mobile telephony | |
Categorising cybercrime and cybercriminals: The problem and potential approaches | |
The Resource Locator Service: Fixing a Flaw in the Web | |
The promise of Online Distance Learning: Addressing academic and institutional concerns | |
Network Quality of Service Monitoring for IP Telephony | |
Security analysers: Administrator Assistants or Hacker Helpers? | |
Authentication and Supervision: A survey of user attitudes | |
Internet-based security incidents and the potential for false alarms | |
A conceptual architecture for real-time intrusion monitoring | |
Computer Crime and Abuse: A Survey of Public Attitudes and Awareness | |
A new approach towards security training and awareness amongst the Healthcare Community | |
Security implications of Electronic Commerce: A Survey of Consumers and Businesses | |
Computer Hacking and Cyber Terrorism: The real threats in the new millenium? | |
Online Distance Learning: Expectations, Requirements and Barriers | |
Dissecting the 'Hacker Manifesto' | |
Strategies for Content Migration on the World Wide Web | |
The ISHTAR guidelines for healthcare security | |
A security framework for online distance learning and training | |
Network Resource Adaptation in the DOLMEN Service Machine | |
Assessing staff attitudes towards information security in a European healthcare establishment | |
ODESSA - A New Approach to Healthcare Risk Analysis | |
Computer abuse : Vandalising the information society | |
Development of Security Guidelines for Existing Healthcare Systems | |
A Generic Methodology for Health Care Data Security |
134 Journal papers
Conference papers
Good guidance or mistaken misdirection: Assessing the quality of password advice | |
Design Principles and Guidelines for Targeted Security Awareness | |
Enhancing Security Education Recognising Threshold Concepts and other influencing factors | |
iPads in Education: Positive Pedagogy versus Problematic Practicalities | |
Insider Misuse Attribution using Biometrics | |
Towards Targeted Security Awareness Raising | |
Information Security Behavior: Recognizing The Influencers | |
A Forensic Acquisition Based upon A Cluster Analysis of Non-Volatile Memory in IaaS | |
Insider Misuse Identification using Transparent Biometrics | |
Information Security Policies: A Review of Challenges and Influencing Factors | |
User profiling from network traffic via novel application-level interactions | |
A Forensic Acquisition and Analysis System for IaaS: Architectural Model and Experiment | |
Proactive Biometric-Enabled Forensic Imprinting | |
Information Security and Practice: The User's Perspective | |
Transparent Authentication Systems for Mobile Device Security: A Review | |
A Review of Graphical Authentication Utilising a Keypad Input Method | |
Towards Dynamic Adaption of User's Organisational Information Security Behaviour | |
Security, Privacy and Usability - A Survey of Users' Perceptions and Attitudes | |
A Survey of Continuous and Transparent Multibiometric Authentication Systems | |
The Current Use of Authentication Technologies: An Investigative Review | |
Cloud Forensics: A Review of Challenges, Solutions and Open Problems | |
Behavioral-Based Feature Abstraction from Network Traffic | |
Text-Based Active Authentication for Mobile Devices | |
A Forensically-Enabled IAAS Cloud Computing Architecture | |
A User-oriented Network Forensic Analyser: The Design of a High-Level Protocol Analyser | |
Performance Evaluation of A Technology Independent Security Gateway for Next Generation Networks | |
Towards A Unified OAI-PMH Registry | |
Alternative Graphical Authentication for Online Banking Environments | |
Cloud Forensics Challenges | |
Towards an Automated Forensic Examiner (AFE) Based upon Criminal Profiling & Artificial Intelligence | |
A Conceptual Model for Federated Authentication in the Cloud | |
A Technology Independent Security Gateway for Future Emergency Telecommunication Systems (ETS) | |
Challenges to Digital Forensics: A Survey of Researchers & Practitioners Attitudes and Opinions | |
Towards Continuous and Convenient User Authentication | |
E-Invigilator: A Biometric-Based Supervision System for e-Assessments | |
A Technology Independent Security Gateway for Real-Time Multimedia Communication | |
Assessing the usability of application level security warnings | |
A Response Strategy Model for Intrusion Response Systems | |
The Insider Threat Prediction and Specification Language | |
A Novel Security Architecture for a Space-Data DTN | |
Multi-Modal Behavioural Biometric Authentication for Mobile Devices | |
A Risk Index Model for Security Incident Prioritisation | |
A preliminary investigation of distributed and cooperative user authentication | |
Multifactor Graphical Passwords: An Assessment of End-User Performance | |
Quantifying the effect of graphical password guidelines for better security | |
SMS Linguistic Profiling Authentication on Mobile Devices | |
Emerging risks in massively multiplayer online role playing games | |
End-User Perception and Usability of Information Security | |
LUARM – An Audit Engine for Insider Misuse Detection | |
Towards a Flexible, Multi-Level Security Framework for Mobile Devices | |
Behavioural Biometric Authentication For Mobile Devices | |
Barriers to E-Safety Peer Education: An analysis of teacher concerns | |
Online Addiction: Privacy Risks in Online Gaming Environments | |
Assessing the Usability of End-User Security Software | |
A distributed and cooperative user authentication framework | |
An investigation and survey of response options for Intrusion Response Systems (IRSs) | |
Psycho-Analytical Considerations in Internet Marketing – Focusing on Human Needs and Personal Trust | |
Implications and Risks of MMORPG Addiction: Motivations, Emotional Investment, Problematic Usage and Personal Privacy | |
An Analysis of Information Security Awareness within Home and Work Environments | |
Playing safe: A prototype game for raising awareness of social engineering | |
Automated precautionary measures for managing system security vulnerabilities | |
The research on a patch management system for enterprise vulnerability update | |
Improving Awareness of Social Engineering Attacks | |
Evaluating Web-Based User Authentication using Graphical Techniques | |
An Assessment of People’s Vulnerabilities in Relation to Personal and Sensitive Data | |
Assessing the Usability of Personal Internet Security Tools | |
Risk culture influences in Internet safety and security | |
Using peer education to encourage safe online behaviour | |
E-Safety and E-Security: Raising security awareness among young people using peer education | |
Flexible and Transparent User Authentication for Mobile Devices | |
Evaluating the usability impacts of security interface adjustments in Word | |
Effective Information Assurance for SMEs | |
The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset | |
Investigating the problem of IDS false alarms: An experimental study using Snort | |
Neural Network Estimation of TCP Performance | |
A Practical Assessment of Social Engineering Vulnerabilities | |
Assessing the challenges of Intrusion Detection Systems | |
Transparent Facial Recognition for Mobile Devices | |
Device- versus Network-Centric Authentication Paradigms for Mobile Devices: Operational and Perceptual Trade-Offs | |
Building a Trusted Community for Mobile Ad Hoc Networks Using Friend Recommendation | |
Pre-execution Security Policy Assessment of Remotely Defined BPEL-Based Grid Processes | |
Utilising Biometrics for Transparent Authentication on Mobile Devices | |
A practical usability evaluation of security features in end-user applications | |
Security Policy Enforcement in BPEL-Defined Collaborative Business Processes | |
Perceptions of User Authentication on Mobile Devices | |
Assessing the usability of system-initiated and user-initiated security events | |
Considering the Usability of End-User Security Software | |
Assessing the usability of WLAN security for SOHO users | |
A New Taxonomy for Intrusion Detection | |
Security-Relevant Semantic Patterns of BPEL in Cross-Organisational Business Processes | |
From Page Ranking to Topic Sensitive Page Ranking: Implementation and Impact | |
Enhancing Privacy Through Anonymous Recommendation for Multi-Dimensional-Personalisation | |
A Two-Tier Intrusion Detection System for Mobile Ad Hoc Networks – A Friend Approach | |
Attack Pattern Analysis: Trends in Malware Variant Development | |
Considering the Security Challenges in Consumer-Oriented eCommerce | |
Considering the role of academic qualifications for IT security professionals | |
User Authentication for Mobile Devices: A Composite Approach | |
A protection profiles approach to risk analysis for small and medium enterprises | |
A Chinese Wall Approach for Anonymous Recommendation in a Multi-Dimensional-Personalisation Scenario | |
HTTP-Aware Anonymisation of Packet Traces | |
A Two-tier Intrusion Detection System for Mobile Ad Hoc Networks | |
Artificial Impostor Profiling for Keystroke Dynamics on a Mobile Handset | |
TCP Performance Estimation Using Neural Networks Modelling | |
A Security Infrastructure for Cross-Domain Deployment of Script-Based Business Processes in SOC Environments | |
Using Human Computer Interaction principles to promote usable security | |
Organisational Security Culture: Embedding Security Awareness, Education and Training | |
Intrusion Detection via Behavioural Profiling on Mobile and Wireless Networked Devices | |
Identifying the security requirements for virtual university environments | |
Effective IT Security for Small and Medium Enterprises | |
PassImages : an alternative method of user authentication | |
Insider Misuse Threat Survey: Investigating IT misuse from legitimate users | |
Behavioural Profiling In Wireless Networks | |
A Framework for Monitoring Insider Misuse of IT Applications | |
Automating the process of intrusion response | |
Approaches to IT Security in Small and Medium Enterprises | |
Attacks against Mobile Ad Hoc Networks Routing Protocols | |
A Framework For Role-Based Monitoring of Insider Misuse | |
A Long-term Trial of Keystroke Profiling using Digraph, Trigraph and Keyword Latencies | |
Optimising Video Layers to the Available Bandwidth Based for Packet Networks | |
Multi-Dimensional-Personalisation for the online and offline world | |
Architectural specifications and design for an automated vulnerability resolver | |
A Correlation Framework for Continuous User Authentication Using Data Mining | |
Factors affecting the adoption of IT risk analysis | |
The Adoption of Criminal | |
Using protection profiles to simplify risk management | |
Patient Consent Advisory System | |
A Conceptual Framework for Monitoring Insider Misuse | |
Application of Keystroke Analysis to Mobile Text Messaging | |
A Detection-Oriented Classification of Insider IT Misuse | |
Operational Characteristics of an Automated Intrusion Response System | |
Considering IT Risk Analysis in Small and Medium Enterprises | |
Interpolation of Packet Loss and Lip Sync Error on IP Media | |
Cybercrime: Vandalizing the Information Society | |
The Effects of Lip Synchronization in IP Conferencing | |
Data Gathering for Insider Misuse Monitoring | |
Improving Security Awareness And Training Through Computer-Based Training | |
Using Keystroke Analysis as a mechanism for Subscriber Authentication on Mobile Handsets | |
Assessing IT Security Culture: System Administrator and End-User | |
Evaluating the reliability of commercially available biometric devices | |
Biometric Authentication for Mobile Devices | |
Watching your own: The problem of insider IT misuse | |
Endpoint study of Internet paths and web pages transfers | |
Investigating Interaction of Audio and Video Quality as Perceived in Low-Cost Multimedia Conferencing Systems | |
WebRUM: A Model for Measuring Web-Wide Resource Usage | |
Critical awareness ? The problem of monitoring security vulnerabilities | |
Subscriber Authentication for Mobile Phones through the Implementation of | |
Advanced Subscriber Authentication Approaches For Third Generation Mobile | |
A Web-Based Resource Migration Protocol Using WebDAV | |
Addressing Internet security vulnerabilities - A benchmarking study | |
Keystroke Analysis as a Method of Advanced User Authentication and | |
An Integrated Network and System Management Framework based on Adapted Software Components | |
A Response-Oriented Taxonomy of IT System Intrusions | |
The problem of categorising cybercrime and cybercriminals | |
Security Vulnerabilities and System Intrusions ? The need for Automatic Response Frameworks | |
A Preliminary Investigation of User Authentication Using Continuous Keystroke Analysis | |
Performance Evaluation of Desktop Videoconferencing | |
Non-intrusive IP Network Performance Monitoring for TCP Flows | |
Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining | |
A Conceptual Security Framework to support Continuous Subscriber Authentication in Third Generation Mobile Networks | |
Practitioner Perception of Component Based Software Development | |
CORBA middleware services - Are they secure? | |
A Generic Taxonomy for Intrusion Specification and Response | |
Promoting security awareness and training within small organisations | |
An Integrated Management Architecture for Heterogeneous Networks: INSMware | |
A conceptual intrusion monitoring architecture and thoughts on practical implementation | |
Management of Service Level Agreements using INSMware | |
User authentication for keypad-based devices using keystroke analysis | |
Enhancing Operating System Authentication Techniques | |
IP Networks Performance Monitoring of Voice Flows for IP Telephony | |
Measurement of IP Transport Parameters for IP Telephony | |
Non-intrusive security requirements for third generation mobile systems | |
Developing tools to support online distance learning | |
Cyber Terrorism: The Political Evolution of the Computer Hacker | |
A Hyper Graphics Markup Language for optimising WWW access in wireless networks | |
Security considerations in online distance learning | |
Methods of responding to healthcare security incidents | |
Integration of ATM Management Procedures into Native Integrated Network and System Management Architectures | |
Content Migration on the World Wide Web | |
Electronic Commerce : Winners and Losers | |
Mobility Considerations for integrated Telecommunications Service Environments | |
A Software Platform for the Integration of a Mobile Client to Intranet Services | |
Using CORBA to Support Terminal Mobility | |
Internet information browsing using GSM data communications : A benchmarking study | |
A comprehensive authentication and supervision architecture for networked multimedia systems | |
Resource Adaptation in the TINA Service Environment | |
Addressing information security training and awareness within the European healthcare community | |
Addressing the problem of data security in healthcare information systems | |
A Telematics Security Training Application | |
Addressing security in an Integrated Service Engineering environment | |
Non-Intrusive Security Arrangements to support Terminal and Personal Mobility | |
POSEIDON - A Composite Multimedia Hospital Patient Records System | |
Approaches to security in healthcare multimedia systems | |
ODESSA - Intelligent Healthcare Security Risk Assessment | |
Provision of healthcare security information services using the World-Wide Web | |
Applications of keystroke analysis for improved login security and continuous user authentication | |
The SEISMED Guidelines for Host Systems Secuirty | |
Simulation of a multimedia patient records system | |
The use of Simulation in Computer-based Security Systems | |
Security Management in the Healthcare Environment | |
Secure Multimedia Systems in Healthcare and Medicine | |
The use of Keystroke Analysis for Continuous User Identity Verification and Supervision | |
An Expert System for Health Care Data Security : A Conceptual Outline | |
Data Security in Medical Information Systems using a Generic Model |
203 Conference papers
Books
Cybersecurity Education for Awareness and Compliance | |
 | E-mail Security: A Pocket Guide |
 | Mobile Security: A Pocket Guide |
 | ΚΥΒΕΡΝΟΕΓΚΛΗΜΑ (Cybercrime - Greek Edition) |
 | Computer Insecurity: Risking the System |
 | Cybercrime: Vandalizing the Information Society |
6 Books
Edited books
 | Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) |
 | Proceedings of the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018) |
 | Proceedings of the Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017) |
Information Systems Security and Privacy | |
 | Trust, Privacy and Security in Digital Business - 13th International Conference, TrustBus 2016 |
 | Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) |
 | Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) |
 | Proceedings of the Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014) |
 | Proceedings of the Tenth International Network Conference (INC 2014) |
 | Trust, Privacy and Security in Digital Business - 10th International Conference, TrustBus 2013 |
 | Advances in Communications, Computing, Networks and Security Volume 10 |
 | Proceedings of the European Information Security Multi-Conference (EISMC 2013) |
 | Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012 |
 | Proceedings of the Ninth International Network Conference (INC 2012) |
 | Advances in Communications, Computing, Networks and Security Volume 9 |
 | Proceedings of the Sixth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2012) |
 | Trust, Privacy and Security in Digital Business - 8th International Conference, TrustBus 2011 |
 | Advances in Communications, Computing, Networks and Security Volume 8 |
 | Proceedings of the Fifth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2011) |
 | Advances in Communications, Computing, Networks and Security Volume 7 |
 | Proceedings of the Eighth International Network Conference (INC 2010) |
 | Proceedings of the South African Information Security Multi-Conference (SAISMC 2010) |
 | Advances in Communications, Computing, Networks and Security 6 |
 | Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009) |
 | Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009) |
 | Proceedings of the 11th IFIP TC 11.1 Working Conference on Information Security Management |
 | Advances in Communications, Computing, Networks and Security 5 |
 | Trust and Engagement in ICT Mediated Services: Understanding Public Perceptions |
 | Trust, Privacy and Security in Digital Business |
 | Proceedings of the Fourth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2008) |
 | Proceedings of the Second International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008) |
 | Proceedings of the 7th International Network Conference (INC 2008) |
 | Securing Information and Communications Systems: Principles, Technologies, and Applications |
 | Advances in Networks, Computing and Communications 4 |
 | Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA 2007) |
 | Proceedings of the Third Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2007) |
 | Advances in Networks, Computing and Communications 3 |
 | Trust, Privacy, and Security in Digital Business |
 | Proceedings of the 6th International Network Conference (INC 2006) |
 | Security Management, Integrity, and Internal Control in Information Systems |
 | Advances in Network and Communications Engineering 2 |
 | Proceedings of the 5th International Network Conference (INC 2005) |
 | Advances in Network and Communications Engineering |
 | Proceedings of the 4th International Network Conference (INC 2004) |
 | Proceedings of the 8th Annual Scientific Conference (Euromedia 2003) |
 | Proceedings of the 3rd International Network Conference (INC 2002) |
 | Proceedings of the 2nd International Network Conference (INC 2000) |
 | Proceedings of the 1st International Network Conference (INC 98) |
48 Edited books
Contributions to edited books
"A Holistic View of Cybersecurity Education Requirements", in Cybersecurity Education for Awareness and Compliance | |
Personalising Security Education ‐ Factors influencing individual awareness and compliance | |
 | Delay-tolerant networks (DTNs) for deep-space communications |
 | Insider Threat Specification as a Threat Mitigation Technique |
| Securing the Human Factor |
 | Security usability challenges for end-users |
| User Authentication Technologies |
| Security Concepts, Services, and Threats |
Malware: An Evolving Threat | |
E-Commerce Security | |
A Model for Managing and Migrating Web Resources | |
Computer hacking and cyber terrorism: the real threats in the new millennium? | |
Online Learning and Security | |
The ISHTAR Security Guidelines | |
The ISHTAR World Wide Web Dissemination and Advisory Service for Healthcare Information Security | |
Baseline Security Guidelines for Health Care Management | |
Baseline Security Guidelines for Health Care IT and Security Personnel | |
Baseline Security Guidelines for Health Care System Users | |
18 Contributions to edited books
Posters
User Behaviour with Organisational Information Security Policies | |
A Framework of User Identification From Network Traffic | |
A Review of Cloud Forensics issues, solutions & open problems | |
Using a "Chinese Wall" for Anonymous Recommendation and the Protection of Privacy | |
Multi-Dimensional-Personalisation | |
Enhancing Intrusion Response in Networked System | |
Non-Intrusive Biometric Authentication for Mobile Devices | |
Non-Intrusive Subscriber Authentication for 3G Mopbile System | |
Advanced Authentication and Intrusion Detection Technologies |
9 Posters
Internal publications
Assessing the Feasibility of Security Metrics | |
Factors Affecting Information Security Behaviour | |
Improving the Usability of Security Features within Tools and Applications | |
Security Culture in the Context of National Culture | |
Improving the Usability of Security Features in Tools and Applications | |
Personality Type – A Valid Indicator of Security Champions? | |
Attack Vectors to Wireless ZigBee Network Communications - Analysis and Countermeasures | |
Implementing CSR-related KPIs into Business Intelligence Landscapes | |
Comparing Anti-Spyware Products | |
Improving User Awareness of Social Engineering | |
Online Security: Strategies for Promoting Home User Awareness | |
Accessing Spyware Awareness and Defences amongst Security Administrators | |
Internet User’s Awareness and Understanding of Spyware and Anti-Spyware | |
Agile Limitations and Model-Driven Opportunities for Software Development Projects | |
Towards a Classification of Information Technology Governance Frameworks | |
Evaluating the Effects of Security Usability Improvements in Word 2007 | |
An Assessment of Security Advisory Website | |
Internet Security: A View from ISPs and Retailers | |
Assessing the Usability of Security Features in Tools and Applications | |
Improving the Usability of Security Features - a Survey of End Users | |
Online Gaming: An Emerging Avenue for Exploitation? | |
Response Mechanisms for Intrusion Response Systems (IRSs) | |
Assessing Protection and Security Awareness amongst Home Users | |
Analysing the Extent that Children are Made Aware of Internet Security Issues Within UK Schools | |
Evolution of Wi-Fi and Security Issues | |
Cyber Terrorism – Electronic Activism and the Potential Threat to the United Kingdom | |
Online Security: Strategies for Promoting User Awareness | |
Multi Dimensional Personalisation Architecture Proposal for a Prototype | |
A Survey of User Opinions and Preference Towards Graphical Authentication | |
Strengthening the Human Firewall | |
User security awareness of social engineering and phishing | |
Improving protection and security awareness amongst home users | |
Security Technologies: Why are they not used correctly? | |
Public awareness of biometrics | |
User Awareness of Biometrics | |
Recording end-users security events: A step towards increasing usability | |
New architecture for a centralized next generation profile register in future mobile telecommunication networks | |
Security-relevance of semantic patterns in cross-organisational business processes using WS-BPEL | |
Prerequisites for monitoring insider IT misuse | |
Device versus network-centric authentication models for mobile devices – operational and perceptual trade-offs | |
Multi-dimensional-personalisation - in “whom” we trust? Perception of trust & privacy | |
Uses and dangers of peer-to-peer and instant messaging in a business environment | |
Changing Trends in Vulnerability Discovery | |
Social Engineering: A growing threat, with diverging directions | |
Attack Pattern Analysis: Trends in Malware Variant Development | |
Authentication based upon secret knowledge and its resilience to impostors | |
Security Usability: A Survey of End-Users | |
Survey of Wireless Access Point Security in Plymouth | |
World Wide Web Content Study Based on Anonymised Network Traces | |
The Interaction Between Mobile IPv6 and Firewalls | |
Security Technologies for a Virtual University | |
ISEduT: An Educational Tool for Information Security | |
Approaches to Establishing IT Security Culture | |
IT Security: A Human Computer Interaction Perspective | |
IT Risk Analysis for Small and Medium Enterprises | |
Passimages : An Alternative Method of User Authentication | |
Assessing Global Internet Accessibility | |
EduCQ : An Educational Tool for Information Security | |
Privacy Implications of Network Monitoring | |
Analysis of insider misuse in commercial applications | |
A Generic Framework for the Prevention and Detection of Insider Misuse | |
Security Analysis Tools - Do They Make Any Difference? | |
Artificial Impostor Profiling for Keystroke Analysis on a Mobile Handset |
63 Internal publications
Technical articles
Social Engineering: Exploiting the Weakest Links |
1 Technical articles
Other publications
The Christmas gifts that keep giving (your data away) — and how to prevent this |
1 Other publications
483 publication(s) - all categories.
Editorships / Refereeing for journals
Editor-in-Chief, Information and Computer Security
Associate Editor, Computers & Security
Associate Editor, Security and Communication Networks (until Aug. 2016)
Associate Editor, Journal of Information Systems Security
Editorial Board, The Computer Journal
Editorial Board, Journal of Information Warfare
Editorial Board, EAI Transactions on Security and Safety
Editorial Board, International Journal on Advances in Security
Editorial Board, International Journal for Information Security Research
Editorial Board, Future Internet
Editorial Advisory Board, Internet Research
Editorial Advisory Board, International Journal of Information and Learning Technology
Conferences organised
In progress
Program Co-Chair, 6th International Conference on Information Systems Security and Privacy (ICISSP 2020), Valletta, Malta, 25-27 February 2020.
Program Co-Chair, The 19th Annual Security Conference, Las Vegas, Nevada, March/April 2020.
Completed
Co-organiser, International Network Conference (INC ’98), Plymouth, UK, 7-9 July 1998.
Chair, International Network Conference 2000 (INC 2000), Plymouth, UK, 3-6 July 2000.
Chair, International Network Conference 2002 (INC 2002), Plymouth, UK, 16-18 July 2002.
Chair, EUROMEDIA 2003, Plymouth, UK, 14-16 April 2003.
Co-chair, Second European Conference on Information Warfare and Security, University of Reading, United Kingdom, 30 June - 1 July 2003.
Co-chair, The 3rd Security Conference, Las Vegas, Nevada, 14-15 April 2004.
Chair, International Network Conference 2004 (INC 2004), Plymouth, UK, 6-9 July 2004.
Co-chair, The 4th Security Conference, Las Vegas, Nevada, 30-31 March 2005.
Co-chair, International Network Conference 2005 (INC 2005), Samos, Greece, 5-7 July 2005.
Co-Chair, IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems, Fairfax, Virginia, 1-2 December 2005.
Co-chair, The 5th Annual Security Conference, Las Vegas, Nevada, 19-20 April 2006.
Co-chair, IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on Security Culture, Karlstad, Sweden, 22 May 2006.
Chair, International Network Conference 2006 (INC 2006), Plymouth, UK, 11-14 July 2006.
Co-chair, 3rd International Conference on Trust, Privacy, and Security of Digital Business (TrustBus’06), Krakov, Poland, 4-8 September 2006.
Co-chair, The 6th Annual Security Conference, Las Vegas, Nevada, 11-12 April 2007.
Co-chair, IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on Information Security, Sandton, South Africa, 15 May 2007.
Co-chair, International Symposium on Human Aspects of Information Security and Assurance (HAISA 2007), Plymouth, UK, 10 July 2007.
Co-chair, The 7th Annual Security Conference, Las Vegas, Nevada,2-3 June 2008.
Chair, 7th European Conference on Information Warfare and Security, Plymouth, United Kingdom, 30 June - 1 July 2008.
Chair, International Network Conference 2008 (INC 2008), Plymouth, UK, 8-10 July 2008.
Co-chair, Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), Plymouth, UK, 8-9 July 2008.
Co-chair, 5th International Conference on Trust, Privacy, and Security of Digital Business (TrustBus’08), Turin, Italy, 4-5 September 2008.
Co-chair, 11th Annual Working Conference on Information Security Management, Richmond, Virginia, 16-18 October 2008.
Co-chair, The 8th Annual Security Conference, Las Vegas, Nevada, 15-16 April 2009.
Co-chair, Third International Symposium on Human Aspects of Information Security and Assurance (HAISA 2009), Athens, Greece, 25-26 June 2009.
Co-chair, The 9th Annual Security Conference, Las Vegas, Nevada,7-8 April 2010.
Co-chair, South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, 17-18 May 2010.
Co-chair, Eighth International Network Conference (INC 2010), 6-8 July, Heidelberg, Germany.
Co-chair, The 10th Annual Security Conference, Las Vegas, Nevada,4-6 May 2011.
Co-chair, Fifth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2011), London, UK, 7-8 July 2011.
Co-chair, 8th International Conference on Trust, Privacy & Security in Digital Business (TrustBus’11), Toulouse, France, 29 Aug – 2 Sept 2011.
Local Chair, SecureComm 2011 - 7th International ICST Conference on Security and Privacy in Communications Network, London, UK, 7-9 September 2011.
International Chair, 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011), Abu Dhabi, UAE, 11-14 December 2011.
Co-chair, The 11th Annual Security Conference, Las Vegas, Nevada, 11-13 April 2012.
Programme Co-chair, 27th IFIP International Information Security and Privacy Conference (SEC 2012), Crete, Greece, 4-6 June 2012.
Co-chair, Sixth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2012), Crete, UK, 6-8 June 2012.
Co-chair, Ninth International Network Conference (INC 2012), Port Elizabeth, South Africa, 11-12 July 2012.
Co-Chair, Secure South West, Plymouth, UK, 20 September 2012.
Co-Chair, Secure South West 2, Plymouth, UK, 25 March 2013.
Co-Chair, The 12th Annual Security Conference, Las Vegas, Nevada, 10-12 April 2013.
Co-Chair, European Information Security Multi-Conference (EISMC 2013), Lisbon, Portugal, May 2013.
Co-Chair, 10th International Conference on Trust, Privacy & Security in Digital Business (TrustBus’13), Prague, Czech Republic, September 2013.
Co-Chair, Secure South West 3, Plymouth, UK, 16 December 2013.
Co-Chair, The 13th Annual Security Conference, Las Vegas, Nevada, 21-23 May 2014.
Co-Chair, Eighth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2014), Plymouth, UK, 8-9 July 2014.
Co-Chair, Secure South West 4, Plymouth, UK, 10 July 2014.
Co-Chair, Secure South West 5, Plymouth, UK, 2 April 2015.
Co-Chair, The 14th Annual Security Conference, Las Vegas, Nevada, 19-21 May 2015.
General Co-Chair, 30th IFIP TC-11 International Conference on ICT Systems Security and Privacy Protection (SEC 2015), Hamburg, Germany, 26–28 May 2015.
Co-Chair, Ninth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2015), Mytilene, Greece, 1-3 July 2015.
Program Co-Chair, 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), Rome, Italy, 19-21 February 2016.
Co-Chair, The 15th Annual Security Conference, Las Vegas, Nevada, 29-31 March 2016.
Co-organiser, Workshop on Security Fatigue, Denver, Colorado, 22-24 June 2016.
Co-Chair, Tenth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2016), Frankfurt, Germany, 19-21 July 2016.
Co-chair, 13th International Conference on Trust, Privacy & Security in Digital Business (TrustBus’16), Porto, Portugal, September 2016.
General Chair, 11th International Conference for Internet Technology and Secured Transactions (ICITST-2016, Barcelona, Spain, 5-7 December 2016.
Program Co-Chair, 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017), Porto, Portugal, 19-21 February 2017.
Program Co-Chair, The 17th Annual Security Conference, Las Vegas, Nevada, 18-20 April 2017.
Co-Chair, Eleventh International Symposium on Human Aspects of Information Security and Assurance (HAISA 2017), Adelaide, Australia, 28-30 November 2017.
Program Co-Chair, 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), Funchal, Madeira, Portugal, 22-24 January 2018.
Program Co-Chair, The 17th Annual Security Conference, Las Vegas, Nevada, 26-28 March 2018.
Co-Chair, Twelfth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2018), Dundee, Scotland, 29-31 August 2018.
Program Co-Chair, 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus´18), Regensburg, Germany, 5-6 September 2018.
Program Co-Chair, 5th International Conference on Information Systems Security and Privacy (ICISSP 2019), Prague, Czech Republic, 23-25 February 2019.
Program Co-Chair, The Annual Security Conference, Las Vegas, Nevada, 29 April – 1 May 2019.
General Conference Co-chair, 34th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2019), Lisbon, Portugal, 25-27 June 2019.
Program Co-Chair, 5th International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec 2019), Copenhagen, Denmark, 14-17 July 2019.
Co-Chair, Thirteenth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2019), Nicosia, Cyprus, 15-17 July 2019.
Programme Co-Chair, 14th International Conference on Availability, Reliability and Security (ARES 2019), Canterbury, UK, 26-29 August 2019.
Other international conference activities
- Referee and Session Chairman, EUROMEDIA 98, Leicester, UK, 5-7 January 1998.
- Referee, Healthcare Computing 99, Harrogate, UK, 22-24 March 1999
- Programme Committee, EUROMEDIA 99, Munich, Germany, 25-28 April 1999.
- Programme Committee, 2nd International Workshop on Innovative Internet Information Systems (IIIS’99), Copenhagen, Denmark, 21-22 June 1999
- Referee, Healthcare Computing 2000, Harrogate, UK, 20-22 March 2000
- Programme Committee, EUROMEDIA 2000, Antwerp, Belgium, 8-10 May 2000
- Workshop Committee, 1st Australian Information Security Management Workshop, Geelong, Australia, 7 November 2000.
- Referee, Healthcare Computing 2001, Harrogate, UK, 19–21 March, 2001.
- Programme Committee, EUROMEDIA 2001, Valencia, Spain, 19-10 April 2001.
- Reviewer, 8th Annual Working Conference on Information Security Management & Small Systems Security, Las Vegas, USA, 27-28 September 2001.
- Reviewer, 2nd International Information Warfare and Security Conference, Perth, Western Australia, 29-30 November 2001.
- Programme Committee, EUROMEDIA 2002, Modena, Italy, 14-16 April 2002.
- Conference Committee, European Conference on Information Warfare and Security, Brunel University, United Kingdom, 8-9 July 2002.
- Session Chair, 3rd Australian Information Warfare & Security Conference 2002, Perth, Australia, 28-29 November 2002.
- Programme Committee, 18th IFIP International Information Security Conference (IFIP SEC 2003), Athens, Greece, 26-28 May 2003.
- Programme Committee, IFIP WG11.1 9th Annual Working Conference on Information Security Management, Athens, Greece, 27 May 2003.
- Programme Committee, Third World Conference on Information Security Education (WISE 3), Monterey California, USA, 26-28 June 2003.
- Reviewer, 3rd Annual Information Security South Africa (ISSA) conference, Sandton, Gauteng, 9-11 July 2003.
- Programme Committee, International Conference on Web Engineering (ICWE'03), Oviedo, Spain, 16-18 July 2003.
- Programme Committee, Seventh IFIP Communications and Multimedia Security conference (CMS 2003), Turin, Italy, 2-3 October 2003.
- Programme Committee, 1st Australian Computer, Network & Information Forensics Conference, Perth, Australia, 24-28 November 2003.
- Programme Committee, 1st Australian Information Security Management Conference, Perth, Australia, 24-28 November 2003.
- Programme Committee, Information & Communication Technology (ICICT'03), Cairo, Egypt, 30 November-2 December 2003.
- Scientific Committee, Sciences of Electronic Technologies, Information and Telecommunications (SETIT) 2004, Susa, Tunisia, 15-20 March 2004.
- Associate Editor, ISOneWorld Conference & Convention, Las Vegas, Nevada, 14-16 April 200
- Programme Committee, EUROMEDIA 2004, Hasselt, Belgium, 19-21 April 2004.
- Programme Committee, 1st European PKI Workshop: Research and Applications, Samos, Greece, 25-26 June 2004.
- Conference Executive, 3rd European Conference on Information Warfare and Security, Royal Holloway, University of London, United Kingdom, 28-29 June 2004.
- Programme Committee, 4th Annual Information Security South Africa (ISSA) Conference, Gauteng Region (Johannesburg), South Africa, 1 – 3 July 2004
- Programme Committee, 18th IFIP International Information Security Conference (IFIP SEC 2004), Toulouse, France, August 2004
- International Programme Committee, Trust and Privacy in Digital Business (TrustBus´04), Zaragoza, Spain, 1-5 September 2004.
- Reviewer, 5th Australian Information Warfare & Security Conference, Perth, Western Australia, 25-26 November 2004.
- Reviewer, IEEE Wireless Communications and Networking Conference (WCNC) 2005, New Orleans, USA, 13-17 March 2005.
- Scientific Committee, Sciences of Electronic Technologies, Information and Telecommunications (SETIT) 2004, Susa, Tunisia, 27-31 March 2005.
- Programme Committee, EUROMEDIA 2005, Toulouse, France, 11-13 April 2005.
- Programme Committee, 14th EICAR Annual Conference, St Julians, Malta, 30 April – 3 May 2005.
- Programme Committee, Fourth World Conference on Information Security Education (WISE 4), Moscow, Russia, 18-20 May 2005.
- Reviewer, Workshop on Security In Information Systems (WOSIS-2005), Miami Beach, Florida, USA, 24-25 May 2005.
- Programme Committee, 20th IFIP International Information Security Conference (IFIP SEC 2005), Chiba, Japan, 30 May-1 June 2005.
- Programme Committee, Second SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA 2005), Vienna, Austria, 7–8 July 2005.
- Programme Committee, 5th Annual Information Security South Africa (ISSA) Conference, Gauteng Region (Johannesburg), South Africa, 29 June – 1 July 2005.
- Programme Committee, Second European PKI Workshop, Kent, UK, 30 June – 1 July 2005.
- Conference Executive, Fourth European Conference on Information Warfare and Security, Glamorgan, South Wales, 11-12 July 2005
- Programme Committee, TrustBus'05, Copenhagen, Denmark, 22-26 August 2005
- Programme Committee, International Conference on Internet Technologies and Applications (ITA 05), Wrexham, North Wales, 7-9 September 2005
- Programme Committee, International Conference on E-business and Telecommunication Networks, Reading, UK, 3-7 October 2005.
- Programme Committee, Third IASTED International Conference on Communications and Computer Networks (CCN 2005), Marina del Rey, California, USA, 24-26 October 2005.
- Programme Committee, 3rd Latin American Web Congress, Buenos Aires, Argentina, 31 October – 2 November 2005.
- Programme Committee, IASTED International Conference on Communications, Internet and Information Technology (CIIT 2005), Cambridge, USA, 31 October – November 2005.
- Reviewer, 6th Australian Information Warfare and Security Conference, Geelong, Victoria, Australia, 24-25 November 2005.
- Programme Committee, 1st European Conference on Computer Network Defence (EC2ND), Glamorgan, South Wales, 15-16 December 2005.
- Reviewer, 5th IEEE International Symposium on Signal Processing and Information Technology (ISSPIT 2005), Athens, Greece, 18-21 December 2005.
- Programme Committee, EUROMEDIA 2006, Athens, Greece, April 2006.
- Programme Committee, IEEE 20th International Conference on Advanced Information Networking and Applications (AINA2006), Vienna, Austria, 18-20 April 2006.
- Programme Committee, First International Conference on Availability, Reliability and Security (AReS) ARES 2006 - "The International Dependability Conference", Vienna, Austria, 20-22 April 2006.
- Programme Committee, 15th EICAR Annual Conference, Hamburg, Germany, 29 April – 2 May 2006.
- Programme Committee, Second IEEE International Conference DFMA 06 (Distributed framework for Multimedia Applications), Penang, 14-17 May 2006.
- Programme Committee, 21st IFIP International Information Security Conference (IFIP SEC 2006), Karlstad, Sweden, 22-24 May 2006
- Programme Committee, Fourth International Workshop on Security In Information Systems (WOSIS-2006), Paphos, Cyprus, May 2006.
- Conference Executive, Fifth European Conference on Information Warfare and Security, Helsinki, Finland, 1-2 June 2006.
- Programme Committee, Third European PKI Workshop (EuroPKI 2006), Turin, Italy, 19-20 June 2006.
- Programme Committee, 7th Annual IEEE Information Assurance Workshop, United States Military Academy, West Point, New York, 21-23 June 2006
- Programme Committee, International Symposium on Performance Evaluation and Modelling of Wireless Networks (PEMWN06), Toronto, Canada, June/July 2006.
- Programme Committee, Communication Systems and Applications (CSA 2006), Banff, Canada, 3-5 July 2006.
- Programme Committee, 1st Conference on Advances in Computer Security and Forensics (ACSF), Liverpool, 13-14 July 2006.
- Programme Committee, SECRYPT 2006, SetÏŠbal, Portugal, 7-10 August 2006.
- Programme Committee, 9th Information Security Conference (ISC 06), Samos Island, Greece, 30 August 30 – 2 September 2006.
- Programme Committee, 1st International Workshop on Critical Information Infrastructures Security (CRITIS'06), Samos Island, Greece, 30 August – 2 September 2006.
- Programme Committee, 5th International Conference on Entertainment Computing (ICEC 2006), Cambridge, UK, 20-22 September 2006.
- Programme Committee, IASTED International Conference on Communications and Computer Networks (CCN 2006), Lima, Peru, 4-6 October 2006
- Programme Committee, First International Workshop on Security (IWSEC2006), Kyoto, Japan, 23-24 October 2006.
- Programme Committee, 4th Latin American Web Congress (LA-Web 2006), Puebla, Mexico, 25-27 October 2006.
- Technical Programme Committee, First International Workshop on Information Security (IS'06), Montpellier, France, 29 October – 3 November 2006.
- Programme Committee, 8th International Symposium on System and Information Security (SSI´2006), Sao Jose dos Campos, Sao Paulo, Brazil, 8-10 November 2006.
- Programme Committee, Fifth IASTED International Conference on Communications, Internet and Information Technology (CIIT 2006), St Thomas, US Virgin Islands, 29 November – 1 December 2006.
- Programme Committee. IADIS e-commerce 2006, Barcelona, Spain, 9-11 December 2006.
- Programme Committee. 2nd European Conference on Computer Network Defence (EC2ND), Glamorgan, UK. 14-15 December 2006.
- Programme Committee, 2nd IEEE International Conference on Signal Image Technology & Internet Based Systems - Track II - Web-based Information Technologies and Distributed Systems, Hammamet, Tunisia, 17-21 December 2006.
- Programme Committee, The Second International Conference on Availability, Reliability and Security (AReS 2007), Vienna, Austria, 10-13 April 2007.
- Programme Committee, First International Workshop on Spoofing, Digital Forensics and Open Source Tools (SDFOST), Vienna, Austria, 10-13 April 2007.
- Programme Committee, ISOneWorld 2007 Conference and Convention, Las Vegas, Nevada, USA, 11-13 April 2007.
- Programme Committee, EUROMEDIA 2007, April 2007, Delft, The Netherlands.
- Programme Committee, 2007 International Conference on New Technologies, Mobility and Security (NTMS2007), Beirut, Lebanon, 30 April- 3 May 2007.
- Programme Committee, 22nd IFIP International Information Security Conference (IFIP SEC 2007), Sandton, South Africa, 14-16 May 2007.
- Programme Committee, 16th EICAR Annual Conference, 2007.
- Programme Committee, 2007 Information Resources Management Association (IRMA) International Conference, Vancouver, Canada, 19-23 May 2007.
- Programme Committee, 2nd International Conference on Information Science and Security, Seoul, South Korea, 23-26 May 2007.
- Programme Committee, IASTED International Conference on Wireless and Optical Communications (WOC 2007), Montreal, Canada, 30 May - 1 June 2007.
- Programme Committee, Fifth International Workshop on Security In Information Systems (WOSIS 2007), Madeira, Portugal, June 2007.
- Conference Executive, 6th European Conference on Information Warfare and Security, Shrivenham, UK, 2-3 July 2007.
- Programme Committee, Fifth IASTED International Conference on Communications, Internet, and Information Technology (CIIT 2007), Banff, Canada, 2-4 July 2007.
- Programme Committee, 2nd Conference on Advances in Computer Security and Forensics (ACSF), Liverpool, UK, 12-13 July 2007.
- Programme Committee, SECRYPT 2007, Barcelona, Spain 28-31 July 2007.
- Programme Committee, 2nd Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2007), Samos, Greece, 27-28 August 2007.
- Programme Committee, Third International Security Symposium on Information Assurance and Security (IAS07), Manchester, UK, 29-30 August 2007.
- Program Committee, 4th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'07), Regensburg, Germany, 3-7 September 2007.
- Programme Committee, Second International Conference on Internet Technologies and Applications (ITA 07), Wrexham, North Wales, 4-7 September 2007.
- Programme Committee, IFIP 6th International Conference on Entertainment Computing (ICEC 2007), Shanghai Jiao Tong University, Shanghai, P. R. China, 20-22 September 2007.
- Programme Committee, Second International Workshop on Security (IWSEC 2007), Nara, Japan, October 2007.
- Program Committee, IASTED International Conference on Communication Systems, Networks and Applications (CSNA 2007), Beijing, China, 8-10 October 2007.
- Programme Committee, International Symposium on Information Security (IS'2007), Spain, 28 October - 2 November 2007.
- Programme Committee, Workshop on Authentication and Identification Techniques (WAIT), Oslo, Norway, 19 November 2007.
- Programme Committee, IADIS e-commerce 2006, Algarve, Portugal, 7-9 December 2007.
- Programme Committee, 4th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications (DRM 2008), Las Vegas, USA, 12 January 2008.
- Programme Committee, Third International Conference on Availability, Reliability and Security (ARES 2008), 4-7 March 2008, Barcelona, Spain.
- Programme Committee, 6th International Workshop on Security in Information Systems (WOSIS 2008), Barcelona, Spain, 12-13 June 2008.
- Programme Committee, Fifth European PKI Workshop (EuroPKI 2008), Trondheim, Norway, 16-17 June 2008.
- Review Committee, Information Security South Africa 2008 (ISSA 2008), University of Johannesburg, Gauteng, South Africa, 7-9 July 2008.
- Programme Committee, 3rd Advances in Computer Security and Forensics (ACSF) conference, Liverpool, UK, 10-11 July 2008.
- Programme Committee, IADIS International Conference e-Commerce 2008, Amsterdam, Netherlands, 25-27 July 2008.
- Programme Committee, SECRYPT 2008, 26-29 July, Porto, Portugal.
- Reviewer, UK Systems Society International Conference 2008, Oxford, UK, 1-3 September 2008.
- Programme Committee, 23rd International Information Security Conference (SEC 2008), Milan, Italy, 8-10 September 2008.
- Programme Committee, 4th International Conference on Information Assurance and Security (IAS 2008), Naples, Italy, 8-10 September 2008.
- Programme Committee, 7th International Conference on Entertainment Computing (ICEC 2008), Pittsburgh, USA, 25-27 September 2008.
- Programme Committee, Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2008), Wilderness, Garden Route, South Africa, 6-8 October 2008.
- Programme Committee, 3rd Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2008), Malaga, Spain, 9 October 2008.
- Programme Committee, International Workshop on War & Peace Driving: Wireless Security and Public Uptake, Avignon, France, 12 October 2008.
- Programme Committee, 10th International Conference on Information and Communications Security (ICICS 2008), Birmingham, UK, 20-22 October 2008.
- Programme Committee, LA-WEB 2008 - 6th Latin American Web Congress, Vila Velha, Brazil, 28-30 October 2008.
- Programme Committee, Third International Workshop on Security (IWSEC 2008), Kagawa, Japan, 25-27 November 2008.
- Programme Committee, 5th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications, Las Vegas, Nevada, 13 January 2009.
- Programme Committee, The Fourth International Conference on Availability, Reliability and Security (ARES 2009), Fukuoka, Japan, 16-19 March 2009.
- Programme Committee, EUROMEDIA 2009, Bruges, Belgium, 15-17 April 2009.
- Programme Committee, 7th International Workshop on Security in Information Systems (WOSIS), Milan, Italy, 6-7 May 2009.
- Programme Committee, 18th EICAR Annual Conference, Berlin, Germany, 11-12 May 2009.
- Programme Committee, 24th IFIP International Information Security Conference (SEC 2009), Pafos, Cyprus, 18-20 May 2009.
- Programme Committee, IFIP TC 8 International Workshop on Information Systems Security Research, Cape Town, South Africa, 29-30 May 2009.
- Review Panel. 8th Annual Information Security South Africa Conference (ISSA 2009), Johannesburg, South Africa, 6-8 July 2009.
- International Programme Committee, SECRYPT 2009, Milan, Italy, 7-10 July 2009.
- Programme Committee, Fifth International Conference on Information Assurance and Security (IAS09), Xi'an City, China, 18-20 August 2009.
- Programme Committee, 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria, 31 August - 4 September 2009.
- Programme Committee, 6th International Conference on Trust, Privacy & Security in Digital Business (TrustBus ’09), Linz, Austria, 31 August - 4 September 2009.
- Programme Committee, Third International Conference on Internet Technologies and Applications (ITA09), Wrexham, North Wales, 8-11 September 2009.
- Programme Committee, Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2009), Vaal River, South Africa, 13-14 October 2009.
- Programme Committee, 3rd International Conference on Network and System Security (NSS 2009), Gold Coast, Australia, 19-21 October 2009.
- Programme Committee, 4th International Workshop on Security (IWSEC 2009), Toyama, Japan, 28-30 October 2009.
- Programme Committee, FTRG International Workshop on Advances in Cryptography, Security and Applications (ACSA-09), Jeju, Korea, 11-12 December 2009.
- Reviewer, International Conference on "Developments in eSystems Engineering" (DeSE '09), Abu Dhabi, United Arab Emirates, 14-16 December 2009.
- Technical Programme Committee, 6th IEEE International Workshop on Digital Rights Management (IEEE CCNC DRM 2010), Las Vegas, Nevada, 13 January 2010.
- Programme Committee, 19th Annual EICAR Conference, Paris, France, 8-11 May 2010.
- Programme Committee, 2nd International Workshop on Managing Insider Security Threats (MIST 2010), Morioka, Iwate, Japan, 14-15 June 2010.
- Programme Committee, European Conference on i-Warfare and Security (ECIW 2010), Thessaloniki, Greece, 1-2 July 2010.
- Program Committee, International Conference on Security and Cryptography (SECRYPT 2010), Athens, Greece, 26-28 July 2010.
- Programme Committee, IADIS International Conference on e-COMMERCE 2010, Freiburg, Germany, 28-30 July 2010.
- Programme Committee, 9th Annual Information Security South Africa Conference (ISSA 2010), Johannesburg, South Africa, 2-4 August 2010.
- Programme Committee, Sixth International Conference on Information Assurance and Security (IAS 2010), Atlanta, USA, 23-25 August 2010.
- Programme Committee, 7th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'10), Bilbao, Spain, 30 August - 3 September 2010.
- Programme Committee, 25th IFIP International Information Security Conference (SEC 2010), Brisbane, Australia, 20-23 September 2010.
- Programme Committee, 7th European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI’10), Athens, Greece, 23-24 September 2010.
- Programme Committee, 2010 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2010), Bela Bela, South Africa, 11-13 October 2010.
- Programme Committee, IFIP IDMAN 2010 - 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN’10), Oslo, Norway, 18-19 November 2010.
- Programme Committee, 5th International Workshop on Security (IWSEC 2010), Kobe, Japan, 22-24 November 2010.
- Programme Committee, FTRG 2010 International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA-10) Seoul, Korea, 9-11 December 2010.
- Technical Program Committee, 7th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications (DRM 2011), Las Vegas, Nevada, 9 January 2011.
- Technical Program Committee, Second International Conference on Technical and Legal Aspects of the e-Society (CYBERLAWS 2011), Gosier, Guadeloupe, France, 23-28 February 2011.
- Programme Committee, 20th Annual EICAR Conference (EICAR 2011), Krems, Austria, 9-10 May 2011.
- Programme Committee, 6th Annual Conference Security and Protection of Information (SPI), Brno, Czech Republic, 10-12 May 2011.
- Programme Committee, 26th IFIP International Information Security Conference (SEC2011) Lucerne, Switzerland, 7-9 June 2011.
- Programme Committee, Eighth Workshop on Security in Information Systems (WOSIS 2011), Beijing, China, 8-11 June 2011.
- Programme Committee, International Conference on Security and Cryptography - SECRYPT 2011, Seville, Spain, 18-21 July.
- Programme Committee, IADIS International Conference on e-COMMERCE 2011, Rome, Italy, 21-23 July 2011.
- Programme Committee, 2nd International Cyber Resilience Conference (ICR2011), Perth, Australia, 1-2 August 2011.
- Programme Committee, 10th Annual Information Security South Africa Conference (ISSA 2011), Johannesburg, South Africa, 15-17 August 2011.
- Programme Committee, Fourth International Conference on Internet Technologies and Applications (ITA11), Wrexham, North Wales, 6-9 September 2011.
- Programme Committee, 6th International Conference on Critical Information Infrastructures Security (CRITIS 2011), Lucerne, Switzerland, 8-9 September 2011.
- Programme Committee, 2011 European Intelligence and Security Informatics Conference (EISIC 2011), Athens, Greece, 12-14 September 2011.
- Program Committee, 8th European Workshop on PKI, services and applications (EUROPKI 2011), Leuven, Belgium, 15-16 September 2011.
- Program Committee, 2011 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2011), Cape Town, South Africa, 3-5 October 2011.
- Programme Committee, 6th International Workshop on Security (IWSEC 2011), Tokyo, Japan, 8-10 November 2011.
- Programme Committee, Fourth International Conference on Developments in E-Systems Engineering (DESE2011), Dubai, UAE, 6-8 December 2011.
- Programme Committee, 9th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2011), Sydney, Australia, 12-14 December 2011.
- Program Committee, Third International Conference on Technical and Legal Aspects of the e-Society (CYBERLAWS 2012), Valencia, Spain, 30 January – 4 February 2012.
- Programme Committee, 21stAnnual EICAR Conference (EICAR 2012), Lisbon, Portugal, 7-8 May 2012.
- Program Committee, Second International Workshop on Information Systems Security Engineering (WISSE’12), GdaÅ„sk, Poland, 26 June 2012.
- Programme Committee, 11th European Conference on i-Warfare and Security (ECIW 2012), Laval, France, 5-6 July 2012.
- Program Committee, Tenth International Conference on Privacy, Security and Trust (PST'2012), Paris, France, 16-18 July 2012.
- Programme Committee, International Conference on Security and Cryptography - SECRYPT 2012, Rome, Italy, 24-27 July 2012.
- Programme Committee, 7th International Conference on Availability, Reliability and Security (ARES 2012), Prague, Czech Republic, 20-24 August 2012.
- Programme Committee, 4th International Workshop on Managing Insider Security Threats (MIST 2012), Fukuoka, Japan, 8-9 November 2012.
- Programme Committee, IEEE Asia Pacific Cloud Computing Congress 2012, Shenzhen, China, 14-17 November 2012.
- Programme Committee, 4th International Symposium on Cyberspace Safety and Security (CSS 2012), Melbourne, Australia, 12-13 December 2012.
- Programme Committee, Workshop on Information Security and Privacy (WISP) 2012, Orlando, Florida, 15 December 2012.
- Programme Committee, 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN ’13), Royal Holloway, University of London, UK, 17-19 December 2012.
- Programme Committee, 7th International Conference Security and Protection of Information (SPI’2013), Brno, Czech Republic, 22-24 May 2013.
- Programme Committee, "Security and Privacy in Healthcare IT" track, 26th IEEE International Symposium on Computer-Based Medical Systems, Oporto University, Portugal, 20-22 June 2013.
- Program Committee, Tenth Workshop on Security in Information Systems (WOSIS 2013), Angers, France, 3-7 July 2013.
- Programme Committee, Eleventh International Conference on Privacy, Security and Trust (PST'13), Tarragona, Spain, 17-19 July 2013.
- Progamme Committee, IADIS International Conference on e-Commerce 2013, Prague, Czech Republic, 24-26 July.
- Programme Committee, 10th International Conference on Security and Cryptography - SECRYPT 2013, Reykjavik, Iceland, 29-31 July 2013.
- Programme Committee, 24th International Conference on Database and Expert Systems Applications (DEXA 2013), Prague, Czech Republic, 26-30 August 2013.
- Programme Committee, 8th International Conference on Availability, Reliability and Security (ARES 2013), Regensburg, Germany, 2-6 September 2013.
- Programme Committee, International Conference on Cloud Security Management (ICCSM-2013), George Washington University, Seattle, USA, 17-18 October 2013.
- Programme Committee, 5th International Workshop on Managing Insider Security Threats (MIST 2013), Pukyung National University, Busan, Korea, 24-25 October, 2013.
- Programme Committee, Workshop on Information Security and Privacy (WISP) 2013, Milan, Italy, 14 December 2013.
- Programme Committee, 11th Workshop on Security in Information Systems (WOSIS 2014), Lisbon, Portugal, 27 April 2014.
- Programme Committee, 29th IFIP International Information Security and Privacy Conference (SEC 2014), Marrakech, Morocco, 2-4 June 2014.
- Program Board, 2nd International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2014), Heraklion, Crete, Greece, 22 - 27 June 2014.
- Programme Committee, 11th International Conference on Security and Cryptography - SECRYPT 2014, Vienna, Austria, 28-30 August 2014.
- Program Committee, Emerging Aspects in Information Security (EAIS'14), Warsaw, Poland, 7-10 September 2014.
- Programme Committee, 9th International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland, 8-12 September 2014.
- Program Committee, Second International Workshop on Emerging Cyberthreats and Countermeasures (ECTCM 2014), Fribourg, Switzerland, 8-12 September 2014.
- Programme Committee, 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS’2014), Aveiro, Portugal 25-26 September 2014.
- Program Committee, 8th International Conference on Network and System Security (NSS 2014), Xi'an, China, 15-17 October 2014.
- Reviewer, African Cyber Citizenship Conference 2014 (ACCC2014), Port Elizabeth, South Africa, 5-6 November 2014.
- Programme Committee, 6th International Workshop on Managing Insider Security Threats (MIST 2014), Republic of Korea, 21-22 November 2014.
- Programme Committee, 1st International Conference on Information Systems Security and Privacy (ICISSP 2015), Angers, France, 9-11 February 2015.
- Programme Committee, 2015 International Symposium on Advances in Computing, Communications, Security, and Applications for Future Computing (ACSA-15), Jeju, Korea, 24-26 February 2015.
- Program Committee, 12th International Workshop on Security in Information Systems (WOSIS 2015), Barcelona, Spain, 27 April 2015.
- Technical Programme Committee, 2nd Conference on Information Security (CIS 2015), Beijing, China, 24-26 May 2015.
- Programme Committee, Fifth International Workshop on Information Systems Security Engineering (WISSE’15), Stockholm, Sweden, 8-12 June 2015.
- Program Committee, 12th International Conference on Security and Cryptography (SECRYPT 2015), Colmar, France, 20-22 July 2015.
- Programme Committee, 12th International Conference on e-Commerce and Digital Marketing 2015, Las Palmas de Gran Canaria, Spain, 21-23 July 2015
- Program Board, 3rd International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2015), Los Angeles, CA, USA, 2-7 August 2015.
- Programme Committee, 7th International Symposium on Cyberspace Safety and Security (CSS 2015), New York, USA, 24-26 August 2015.
- Programme Committee, 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France, 24-28 August 2015.
- Programme Committee, Third International Workshop on Emerging Cyberthreats and Countermeasures (ECTCM 2015), Toulouse, France, 24-28 August 2015.
- Programme Committee, International Workshop on Multimedia Forensics and Security (MFSec 2015), Toulouse, France, 24-28 August 2015.
- Programme Committee, 26th International Conference on Database and Expert Systems Applications (DEXA 2015), Valencia, Spain, 1-4 September 2015.
- Programme Committee, 12th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2015), Valencia, Spain, 1-2 September 2015.
- Program Committee, 14th International Conference of the Biometrics Special Interest Group (BIOSIG 2015), Darmstadt, Germany, 9-11 September 2015.
- Program Committee, 2nd Workshop on Emerging Aspects in Information Security (EAIS'15), Lodz, Poland, 13-16 September 2015.
- Program Committee, 3rd International Conference on Innovative Network Systems and Applications (iNetSApp'15), Lodz, Poland, 13-16 September 2015.
- Program Committee, 2nd Workshop on Security in highly connected IT systems (SHCIS ’15), Vienna, Austria, 21-25 September 2015.
- Programme Committee, 7th ACM CCS International Workshop on Managing Insider Security Threats (MIST 2015), Denver, Colorado, 12-16 October 2015.
- Programme Committee, International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec 2015), Hangzhou, China, 16-18 November 2015.
- Programme Committee, 6th International Conference on e-Democracy (e-Democracy 2015), 10-11 December 2015, Athens, Greece.
- Reviewer, 2nd Biennial International Conference on the use of Pads in Higher Education (ihe2016), San Francisco, USA, 16-18 March 2016.
- Technical Programme Committee, 2016 International Conference on Information Resources Management, Cape Town, South Africa, 18-20 May 2016.
- Programme Committee, 31st International Conference on ICT Systems Security and Privacy Protection (SEC 2016), Ghent, Belgium, 20 May - 1 June 2016.
- Program Board, 4th International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2016), Toronto, Canada, 17-22 July 2016.
- Programme Committee, European Workshop on Usable Security (EuroUSEC), Darmstadt, Germany, 18 July 2016.
- Program Committee, “Trustworthy Authentication in Pervasive Computing" track, 13th IEEE International Conference on Advanced and Trusted Computing (ATC 2016), Toulouse, France, 18-21 July 2016.
- Program Committee, 13th International Conference on Security and Cryptography (SECRYPT 2016), Lisbon, Portugal, 26-28 July 2016.
- Programme Committee, 11th International Conference on Availability, Reliability and Security (ARES 2016), Salzburg, Austria, 31 August – 2 September 2016.
- Programme Committee, 27th International Conference on Database and Expert Systems Applications (DEXA 2016), Porto, Portugal, 5-8 September 2016.
- Programme Committee, 11th International Workshop on Data Privacy Management (DPM 2016), Heraklion, Crete, Greece, 26-30 September 2016.
- Program Committee, 2016 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2016), Johannesburg, South Africa, 26-28 September 2016.
- Programme Committee, 8th ACM CCS International Workshop on Managing Insider Security Threats (MIST 2016), Vienna, Austria, 24-28 October 2016.
- Program Committee, 7th Annual Workshop on Information Security and Privacy (WISP 2016), Dublin, Ireland, 10 December 2016.
- Programme Committee, 1st International Workshop on Cyber Deviance Detection (CyberDD 2017), Cambridge, UK, 10 February 2017.
- Program Committee, 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), Rome, Italy, 29-31 May 2017.
- Program Board, 5th International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2017), Vancouver, Canada, 9-14 July 2017.
- Program Committee, 14th International Conference on Security and Cryptography (SECRYPT 2017), Madrid, Spain, 26-28 July 2017.
- Technical Programme Committee, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-17), Sydney, Australia, 1-4 August, 2017.
- Program Committee, 14th IEEE Conference on Advanced and Trusted Computing (ATC 2017), San Francisco, USA, 4-8 August 2017.
- Programme Committee, 16th International Information Security for South Africa Conference (ISSA 2017), Johannesburg, South Africa, 16-17 August 2017.
- Programme Committee, 28th International Conference on Database and Expert Systems Applications (DEXA 2017), Lyon, France, 28-31 August 2017.
- Program Committee, 12th International Conference on Availability, Reliability and Security (ARES 2017), Reggio Calabria, Italy, 29 August – 2 September 2017.
- Program Committee, 1st International Conference on Security, Privacy, and Trust (INSERT'17), Prague, Czech Republic, 4-7 September 2017.
- Programme Committee. 2017 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2017), Bloemfontein, South Africa, 26-28 September 2017.
- Programme Committee, Second International Conference on Cyber-Technologies and Cyber-Systems (CYBER 2017 committee, Barcelona, Spain, 12-16 November 2017.
- Programme Committee, International Workshop on Cloud Computing Security: Threats, Intelligence, and Mitigation (CCSTIM), Austin, Texas, USA, 5-8 December 2017.
- Program Committee, 8th Annual Workshop on Information Security and Privacy (WISP 2017), Seoul, Korea, 9 December 2017.
- Program Committee, 7th International Conference on e-Democracy (eDemocracy 2017), Athens, Greece, 14-15 December 2017.
- Technical Program Committee, International Workshop on Attacks and Defenses for Internet-of-Things (ADIoT), Beijing, China, 30 May – 1 June 2018.
- Program Committee, KM Conference 2018, Pisa, Italy, 20-23 June 2018.
- Program Committee, 15th International Conference on Security and Cryptography (SECRYPT 2018), Porto, Portugal, 26-28 July 2018.
- Programme Committee, 29th International Conference on Database and Expert Systems Applications (DEXA 2018), Regensburg, Germany, 3-6 September 2018.
- Program Committee, Twelfth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2018), Venice, Italy, 16-20 September 2018.
- Program Committee, 11th World Conference on Information Security Education (WISE 11), Poznan, Poland, 18-21 September 2018.
- Program Committee, 15th IEEE Conference on Advanced and Trusted Computing (ATC 2018), Guangzhou, China, 8-12 October 2018.
- Technical Program Committee, The Third International Conference on Cyber-Technologies and Cyber-Systems (CYBER 2018), Athens, Greece, 18-22 November 2018.
- Programme Committee, KM Conference 2019, Warsaw, Poland, 26-29 June 2019.
- Program Board,1st International Conference on HCI for Cybersecurity, Privacy and Trust (HCI-CPT), Walt Disney World Swan and Dolphin Resort, Orlando, Florida, USA, 26-31 July 2019.
- Technical Program Committee, Fourth International Conference on Cyber-Technologies and Cyber-Systems (CYBER 2019), Porto, Portugal, 22-26 September 2019.
- Program Committee, 8th International Conference on e-Democracy (eDemocracy 2019), Athens, Greece, 12-13 December 2019.
- Technical Program Committee, Seventh International Symposium on Security in Computing and Communications (SSCC'19), Trivandrum, Kerala, India, 18-21 December 2019.
- Technical Program Committee, 1st International Conference on Cyber Security, Privacy and Networking (ICSPN 2020), Jaipur, India, 20-22 March 2020.
- International Advisory Committee, Second International Conference on Emerging Trends in Information Technology (ICETIT-2020), Janakpuri, New Delhi, India, 19-20 June 2020.
- Program Board, 2nd International Conference on HCI for Cybersecurity, Privacy and Trust (HCI-CPT 2020), Copenhagen, Denmark, 19-24 July 2020.
Current MPhil/PhD Supervisions
- Mr Fayez Alotaibi, Human Aspects of Information Security
- Ms Moneerah Alotaibi, Usable security for young users
- Mrs Norah Alqahtani, Online Gaming Risks for Children: Developing a Dynamic Awareness Framework
- Mr Abdulrahman Alruban, Applying biometrics to digital forensics
- Mr Abdulaziz Altamimi, Author Identification of of Text Limited Messages
- Mr Rami Alzahrani, Privacy Preserving Schemes for Mobile and Wearable Devices
- Mr Craig Banyard, Learning Analytics
- Mr Zinnar Ghasem, A framework for tailored cyber security training
- Mr Ram Herkanaidu, To investigate effective learning strategies to raise awareness around security and privacy issues amongst young people
- Nirosha Holton, Motivating security engagement and compliance
- Mr Dany Joy, An Intelligent Network Forensic Analyzer
- Mr Klaus Mairon, Agile and Model-Driven Methods
- Mr Jurgen Markert, Attack Vectors to Wireless ZigBee Network Communications - Analysis Countermeasures
- Mr Artur Mertens, Competencies in Digital Brand Management
- Mrs Alaa Tolah, Factors influencing security expenditure
- James Weston, The impact of effective cyber security awareness within Critical National Infrastructure Operational Technology environments
Completed MPhil/PhD Supervisions
- Dr Abdulwahid Al Abdulwahid, Federated Authentication using the Cloud (Cloud Aura) (2017)
- Dr Mahmood Al Fahdi, Automated Digital Forensics & Cybercrime Profiling (2016)
- Dr Hiba Al-Kawaz, Facial Identification for Digital Forensics (2019)
- Dr Abdualaziz Alayed, Active security vulnerability notification and resolution (2006)
- Dr Manal Alohali, A Model for User-centric Information Security Risk Assessment and Response (2019)
- Dr Faisal Alotaibi, Evaluation and Enhancement of Public Cyber Security Awareness (2019)
- Dr Mutlaq Alotaibi, User's behaviour with Organisational Information Security Policies (2017)
- Dr Saud Nejr Alotaibi, Transparent User Authentication For Mobile Applications (2019)
- Dr Gaseb Alotibi, Behavioural Monitoring via Network Communications (2017)
- Dr Saad Alqahtany, A Forensically-Enabled Cloud Computing Architecture (2017)
- Dr Hussain Alsaiari, Graphical One-Time-Password Authentication (2016)
- Dr Thorsten Alxneit, Sustainability Reporting Process Model using Business Intelligence (2014)
- Dr Nathan L Clarke, Advanced User Authentication for Mobile Devices (2004)
- Dr Jeff Crume, Advancing User Authentication and Access Management (2019)
- Dr Vassilis Dimopoulos, Effective Information Assurance with Risk Management (2007)
- Dr Paul S Dowland, User authentication and supervision in networked systems (2004)
- Dr Michael P Evans, A Model for Managing Information Flow on the World Wide Web (2001)
- Dr Klaus-Peter Fischer, Security Policy Enforcement in Application Environments using Distributed Script-Based Control Structures (2007)
- Dr Bogdan V Ghita, Performance characterisation of IP networks (2005)
- Dr Samuel Goebert, Decentralised Hosting and Preservation of Digital Collections (2019)
- Dr Lena Gribel, Drivers of Wearable Computing Adoption: An Empirical Study of Success Factors Including IT Security and Consumer Behaviour-Related Aspects (2018)
- Dr Chris Hocking, Authentication Aura: A cooperative and distributed approach to user authentication on mobile devices (2015)
- Dr Tarik Ibrahim, Improving Intrusion Prevention, Detection and Response (2011)
- Dr Mohd Zalisham Jali, Enhancing User Authentication using Graphical Techniques (2011)
- Dr Elizabeth M Joyce, Security aspects of Distributed Processing Environments (2002)
- Dr Nor Badrul Anuar Jumaat, Incident Prioritisation for Intrusion Response Systems (2012)
- Dr Sevasti Karatzouni, Non-Intrusive Continuous User Authentication for Mobile Devices (2014)
- Dr Martin H Knahl, A Generic Network and System Management Framework (2002)
- Dr Janet Kneller, Multiple Stakeholder Perspectives of Complex Online Services: An e-Government Case Study (2016)
- Dr Peter Korovessis, Establishing an Information Security Awareness and Culture (2015)
- Dr Mike Krey, IT Governance in the Health Care Sector (2013)
- Dr George Magklaras, An Insider Misuse Threat Detection and Prediction Language (2012)
- Mr George Magklaras, A generic architecture for intrusion specification and misuse detection in IT systems (2005)
- Dr Najem Mahmoud, An Evaluation of Targeted Security Awareness for End Users (2019)
- Dr Natalia Miloslavskaya, Network Security Intelligence Centres for Information Security Incident Management (2019)
- Dr Licha Mued, A model for predicting the performance of IP videoconferencing (2004)
- Dr Maria Papadaki, Classifying and responding to network intrusions (2004)
- Dr Andrew D Phippen, Component Technologies and their impact upon Software Development (2001)
- Dr Aung Phyo, A Generic Architecture for Insider Misuse Monitoring in IT Systems (2007)
- Mr Joerg Preuss, Profiling methods for computer crime and abuse (2008)
- Dr Shukor Razak, Two-Tier Intrusion Detection System for Mobile Ad Hoc Networks (2007)
- Dr Donna Reid, The social and psychological impact of SMS text messaging (2007)
- Dr Felix Rimbach, Internet-marketing for profit organizations: A framework for the implementation of strategic Internet marketing (2010)
- Dr Philip M Rodwell, Non-Intrusive Subscriber Authentication for Next Generation Mobile Communication Systems (2006)
- Dr Hataichanok Saevanee, Continuous User Authentication Using Multi-Modal Biometrics (2014)
- Dr Nichola J Salmons, Composite and Comprehensive Multimedia Electronic Health Care Records (2000)
- Dr Benjamin G Sanders, Opportunities and Risks in Online Gaming Environments (2016)
- Dr Steffen W. Schilke, Multi-Dimensional-Personalization in Mobile Contexts (2013)
- Dr Harjit Singh, Behavioural Profiling and Intrusion Detection Systems Using Data Mining (2004)
- Dr Ulrike Spierling, 'Implicit Creation' - Non-Programmer Conceptual Models for Authoring in Interactive Digital Storytelling (2010)
- Dr Shuhaili Talib, Personalising Information Security Education (2014)
- Dr Aruna Thakur, Feed forward controller for layered video coding (2007)
- Dr Gina C Tjhai, Anomaly-Based Correlation of IDS Alarms (2011)
- Dr Chris Tucker, Performance Metrics for Network Intrusion Systems (2013)
- Dr Zarul Fitri Zaaba, Enhancing Usability using Automated Security Interface Adaptation (ASIA) (2014)
- Dr Ibrahim Zincir, Behavioural Profiling In Wireless Networks (2011)
Examination of research degrees
2019 The Economics of Information-Systems Defense Capability, PhD thesis, University of Lausanne, Switzerland.
2019 The socio-organisational factors that shape guardianship experience of information security management in organisations, PhD thesis, Abertay University, UK.
2019 Designing for Cyber Security Risk-based Decision Making, PhD thesis, Bournemouth University, UK.
2018 Human Behaviour Analysis Using Smartphone Sensor Data, PhD thesis, IIT Indore, India.
2018 A National Framework of Common Operational Procedure to Mandate Cyber Security Information Sharing in the United Arab Emirates, PhD thesis, Bournemouth University, UK.
2018 An Intrusion Detection Scheme for Identifying Known and Unknown Web Attacks (I-WEB), PhD thesis, University of Warwick, UK.
2017 A Bring Your Own Device Information Security Behavioural Model: a case study at a Zimbabwean commercial bank, PhD thesis, University of Fort Hare, South Africa.
2017 Security Modeling of Web Applications in Wireless Local Area Networks through Bio-Cryptography, PhD thesis, National Institute of Technology Jamshedpur, India.
2017 A Framework for Fostering Cyber Security Culture at a Social Level, PhD thesis, Nelson Mandela Metropolitan University, South Africa.
2017 Exploiting the self-similarity of inter-packet timings to detect and investigate network attacks and identify abnormalities, EngD thesis, University of Reading, UK.
2017 Towards a Smartphone Application User Security Competency Evolution Model, PhD Thesis, University of Johannesburg, South Africa.
2017 APIC: A Method for Automated Pattern Identification and Classification, PhD Thesis, University of Cape Town, South Africa.
2017 Illegitimate Traffic Detection in Encrypted Tunnel using Ensemble Classification Technique, PhD thesis, Universiti Putra Malaysia, Malaysia.
2017 Digital Forensics Practices: A Road Map for Building Digital Forensics Capability, PhD thesis, De Montfort University, UK.
2017 Improving the Security of Real World Identity Management Systems, PhD thesis, Royal Holloway University of London, UK.
2016 Encouraging Employee Compliance with Information Security Policies in Cloud Computing in Hong Kong, Doctor of Business Administration thesis, University of Newcastle, Australia.
2016 Passive video forgery detection using Frame correlation statistical features, Doctoral thesis, University of Malaya, Malaysia.
2016 Security Demands, Organisational and Personal Resources: A Stress-Based Security Compliance Model, PhD thesis, RMIT University, Australia.
2016 A Hierarchical Group Key Management with Host Mobility Protocol in Wireless Mobile Environments, Doctoral thesis, University of Malaya, Malaysia.
2016 A Critical Analysis of End-User Security Behaviour, PhD thesis, University of South Wales, UK.
2015 The development and evaluation of an Information Security Awareness Capability Model: Linking ISO/IEC 27002 controls with Awareness Importance, Capability and Risk, PhD thesis, University of Southern Queensland, Australia
2015 MobiLeak: Security and Privacy of Personal Data in Mobile Applications. PhD thesis, Royal Institute of Technology, Sweden.
2015 A Biometric Security System Using Dorsal Hand Vein Patterns and Palmprints, PhD thesis, University of Mauritius, Mauritius.
2015 Multi Provision Service based Internet charging Scheme, PhD thesis, University of Technology Sydney, Australia.
2015 Exploring the Memorability of Multiple Recognition-Based Graphical Passwords and Their Resistance to Guessability Attacks, PhD thesis, University of Glasgow, UK.
2014 Information security risk management in Australian real estate sectors, PhD thesis, University of South Australia, Australia.
2014 A Model to improved Smartphone Information Security Awareness, PhD thesis, University of Fort Hare, South Africa
2014 A Noun-Based Approach to Support Location and Recency of Developers’ Activities for Improving Automatic Bug Assignment, PhD thesis, University of Malaya, Malaysia.
2014 A Secure and Scalable Communication Framework for Inter-Cloud Services, PhD thesis, City University, UK.
2014 On Methodologies to Select Systems for Automated Personal Identification, PhD thesis, Royal Holloway University of London, UK.
2014 Secure Management of Multi-Application Mobile Platforms, PhD thesis, KTH Royal Institute of Technology, Sweden (assessed as Quality Reviewer, post-examination)
2014 A Value Framework for Information and Communication Technology in South African Higher Education Institutions, PhD thesis, Nelson Mandela Metropolitan University, South Africa.
2014 Energy-Efficient Data Security Schemes for Mobile Users in Cloud Environment, PhD thesis, University of Malaya, Malaysia.
2013 Trusted Channels and Roots of Trust in Distributed Embedded Systems, PhD thesis, Macquarie University, Australia.
2013 An Exploration of the Factors Influencing Home Users’ Cybersecurity Behaviours, PhD thesis, Victoria University of Wellington, New Zealand.
2013 Risk Analysis Using “Conflicting Incentives” as an Alternative Notion of Risk, PhD thesis, Gjovik University College, Norway.
2013 An Ecologically Valid Evaluation of an Observation-Resilient Graphical Authentication Mechanism, PhD thesis, University of Glasgow, UK.
2013 Investigating Information Systems Security Management Maturity for Small Medium Industries and Enterprises Electronic Commerce Using Technology, Organization and Enterprise Framework, PhD thesis, University of Malaya, Malaysia.
2013 A method for analysing Value–Based Compliance in Information Systems Security, PhD thesis, Orebro University, Sweden.
2013 Adaptable Middleware Framework for Interactive Services in Pervasive Computing, PhD thesis, Anna University, India.
2013 Effective Online Privacy Mechanisms with Persuasive Communication, PhD thesis, Cranfield University, UK.
2012 A Baseline for Information Security Knowledge for End Users, MTech thesis, Nelson Mandela Metropolitan University, South Africa.
2012 A Code of Conduct for Computer Forensic Investigators, Professional Doctorate, University of East London, UK.
2012 An Examination of Information System Risk Perception Using the Repertory Grid Technique, PhD Thesis, University of Adelaide, Australia.
2012 Security Awareness in Western Australian Online Banking Users of Phishing Attacks, Professional Doctorate, Edith Cowan University, Australia.
2012 A Method for Securing Online Community Service: A Study of Selected Western Australian Councils, Professional Doctorate, Edith Cowan University, Australia.
2012 A Framework for the development of a Personal Information Security Agent. MTech thesis, Nelson Mandela Metropolitan University, South Africa.
2011 Valuation and Reporting of Security Assurance at Operational Systems Level, PhD thesis, University of East London, UK.
2011 A Scalable, Distributed and Secure Position-based Routing Protocol for Ad-Hoc Networks, PhD thesis, University of Malaya, Malaysia.
2011 Towards an Information Security Framework for Government to Government: A Perspective from East Africa, PhD thesis, University of South Africa, South Africa.
2011 Educating users about information security by means of game play, MTech thesis, Nelson Mandela Metropolitan University, South Africa.
2011 A Model for Privacy-Aware Presence Management in Mobile Communications, PhD thesis, Nelson Mandela Metropolitan University, South Africa.
2011 A Tactical Management Model of Forensic Evidence Processes, PhD thesis, University of Western Australia.
2010 Analysis Avoidance Techniques of Malicious Software, PhD thesis, Edith Cowan University, Australia.
2010 Securing Home & Correspondent Registrations in Mobile IPv6 Networks, PhD thesis, University of Manchester, UK.
2010 Authentication in Health Services, PhD thesis, University of Oslo, Norway.
2009 Vulnerabilities in Class One Electronic Product Code Radio Frequency Identification Systems, PhD thesis, Edith Cowan University, Australia.
2009 A Framework for Assessing Certification Schemes for IT Security Professionals, PhD thesis, Deakin University, Australia.
2009 Network Firewalls Dynamic Performance Evaluation and Formalisation, PhD thesis, Napier University, UK.
2009 E-Business Information Systems Security Design Paradigm and Model, Royal Holloway University of London, UK.
2008 Authentication and Privacy in Mobile Web Services, PhD thesis, City University, UK.
2008 Enhancing Password based authentication by incorporating typing dynamics, MPhil to PhD transfer, University of Mauritius, Mauritius.
2008 Cultivating and Assessing Information Security Culture, PhD thesis, University of Pretoria, South Africa.
2008 A Systems Analysis Method for Online Teaching and Learning Systems, PhD thesis, Deakin University, Australia.
2008 Assessing the Risk to Information Systems and Processes from Malicious Electromagnetic Threats – Through the Development of Diagnostic and Detection Techniques, PhD thesis, University of Glamorgan, UK.
2008 Optimization in Multi-Agent Systems, PhD thesis, Cork Institute of Technology, Ireland.
2008 Safeguarding Australia from Cyber-terrorism: A Proposed Cyber-terrorism SCADA Risk Framework for Australia, PhD Thesis, Monash University, Australia.
2007 On the Identification of Security Vulnerabilities, PhD thesis, Royal Holloway, University of London, UK.
2007 An investigation into information security in general medical practice, PhD thesis, Edith Cowan University, Australia.
2007 An Approach Towards Standardising Vulnerability Categories, MSc by research, University of Pretoria, South Africa.
2007 Usable Security Policies in Runtime Environments. PhD thesis, Linköping University, Sweden.
2007 Masquerader Detection in Mobile Context based on Behaviour and Environment Monitoring. PhD thesis, University of Jyvaskyla, Finland.
2006 An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer Networks. PhD thesis, University of Surrey, UK.
2006 Program Behaviour Modelling with Flexible Logical Entity Abstraction, PhD thesis, University of Ballarat, Australia.
2006 Multi-Party Non-Repudiation Protocols and Applications, PhD thesis, University of Malaga, Spain.
2006 Digital Forensic Evidence Collection by System Activity Logs, PhD thesis. University of Melbourne, Australia.
2006 Towards a Framework for Corporate Information Governance, MTech dissertation, Nelson Mandela Metropolitan University, South Africa.
2005 Delegating Signing Power to Mobile Agents: Algorithm and Protocol Designs. PhD thesis. University of Manchester, UK.
2005 The Australian Small to Medium Enterprise E-Business Security Methodology. PhD thesis. Deakin University, Australia.
2005 Changing the Way the World Thinks about Computer Security. PhD by publication. Middlesex University, London, UK.
2005 An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer Networks. MPhil to PhD transfer, University of Surrey, UK.
2005 A Simulation Study of Traffic Conditioner Performance. MSc by research. University of Pretoria, South Africa.
2005 Holistic Information Security Management Framework. Doctoral Thesis. Karlstad University, Sweden.
2005 Intrusion Detection and Protection of Application Servers. Licentiate thesis. Chalmers University, Sweden.
2004 Secure and Distributed Multicast Address Allocation on IPv6 Networks. MSc by research. University of Pretoria, South Africa.
2004 A Tool-kit for XML-based and process-oriented Application Integration. PhD thesis. Cork Institute of Technology, Ireland
2004 Threats to Information Systems and Effective Countermeasures. PhD by publication. University of Glamorgan, UK
2004 DiDDeM: A system for early detection of denial-of-service attacks. PhD thesis. Liverpool John Moores University, UK.
2004 Protecting agents against malicious host attack. PhD thesis. Aston University, UK.
2004 Comprehensive strategy on security of electronic networks. MPhil thesis. University of Bradford, UK.
2004 NeGPAIM: A model for the proactive detection of information security intrusions. PhD thesis. Port Elizabeth Technikon (South Africa)
2003 Inferential analysis of incomplete audit data sets. PhD thesis. University of Glamorgan, UK.
2003 Interactive Generation of Uniformly Random Samples of World Wide Web Pages. MSc by Research thesis. Kingston University, UK.
2003 Enterprise IT Security Data Model and security of the Internet. MPhil thesis. Coventry University, UK.
2002 Distributed Failure Restoration for ATM Tactical Communication Networks. Ph.D. thesis. De Montfort University, UK.
2002 An Anomaly Intrusion Detection System Based on Intelligent User Recognition. Ph.D. thesis. University of Jyvaskyla, Finland.
2002 The evolving nature of fraud investigation and prevention. Ph.D. thesis. Deakin University, Australia.
2001 Design and Implementation of an Intranet-Solution especially with Workflow Aspects. M.Sc. thesis. Cork Institute of Technology, Ireland.
2000 Methods for Intelligent User Recognition Based on Machine Learning Techniques in Anomaly Intrusion Detection. Licentiate thesis. University of Jyvaskyla, Finland.
2000 Human-Computer Interaction via Telephone. M.Sc. thesis. Cork Institute of Technology, Ireland.
2000 Software Component Reuse by Adaptation. Ph.D. thesis. Cork Institute of Technology, Ireland.
Invited Presentations, Lectures, etc.
- “Usability and Supporting the User”, invited speaker, CriM 2019 Cyber Security Seminar and Workshops), Oulu, Finland, 30 October 2019.
- “Cyber Security: Why should I care?”, invited talk, Met Office, Exeter, UK, 4 October 2019.
- “Cybersecurity for the individual”, MBA guest lecture, University of Nevada Reno, 2 May 2019.
- “Cybersecurity Illiteracy”, keynote talk, 18th Annual Security Conference, Las Vegas, USA, 30 April 2019.
- “Perpetuating a Culture of Cybersecurity Ignorance“, invited talk, CAMS Research Consortium, MIT Sloan School of Management, 15 February 2019.
- “Connect, Connect, Connect – Have we forgotten Stop and Think?”, Keynote talk, Digital Differences Conference, University of Suffolk, Ipswich, UK, 5 February 2019.
- “Passwords: The Keys to your (Online) Kingdom“, Invited webcast with David Emm (Kaspersky Lab), BrightTALK, 18 December 2018.
- “Passwords: Nurture not nature”, invited speaker, IDM 2018 - Identity Management Conference, London, UK, 15 November 2018.
- “Cybercrime: Are we keeping up?”, invited speaker, CriM 2018 Cyber Security seminar and workshops), Oulu, Finland, 1 November 2018.
- “How we’re helping cyber criminals”, UK-German Cyber Security Forum, British Consulate, Munich, Germany, 23 October 2018.
- “From practitioner to professional: Securing the right cyber skills”, Cyber Re:coded, Tobacco Dock, London, 15 October 2018.
- “Essential steps – How much do they cover?”, invited talk, Huntsman Cyber Security Breakfast Briefing, HQS Wellington, London, UK, 12 September 2018.
- “Authenticating Ourselves – Frontline Protection in the i-Society”, keynote speaker, International Conference on Information Society (i-Society 2018), Dublin, Ireland, 17 July 2018.
- “New technology, Static Security”, Closing morning keynote, Cyber Security Future 2018, London, 10 July 2018.
- “Retro Gaming – The games we played”, Guest lecture, European Council of Georgia Study Abroad Program, London, 10 July 2018.
- “User Authentication – What you know, what you have and what you are”, Guest lecture, University of Piraeus, Greece, 14 June 2018.
- “Is This the Year of the Cyber Professional?”, Security Workshop, InfoSecurity Europe 2018, London, 7 June 2018.
- “They never learn – Why bother with cyber security awareness?”, invited talk, Institute of Information Security Professionals Annual General Meeting, London, UK, 22 May 2018.
- “Retro Gaming – Yesterday’s Technology Rebooted”, invited talk, BCS South West Branch, Plymouth, UK, 21 May 2018.\
- “User Authentication: From Secrets to Biometrics”, invited talk, Trends in Cybersecurity, Austrian Computer Society, Vienna, Austria, 17 May 2018.
- “Minimising Cyber Risk – Do we do the basics?”, invited presentation and panellist, Reinforcing Cyber Security: Building Security, Confidence and Capability in the Cyber Domain, Public Policy Exchange, London, 10 May 2018.
- “The Rise of the Biometric Society”, Opening Keynote, 1st International Conference on Networking, Information Systems & Security (NISS 2018), Tangier, Morocco, 27 April 2018.
- “Security policy compliance in organisations”, invited seminar, Department of Information Systems, University of Lausanne, Switzerland, 10 April 2018.
- “Cybersecurity: The Impossible Lesson?”, Opening Keynote, 17th Annual Security Conference, Las Vegas, 26 March 2018.\
- “Why Your Business Can't Ignore the Need for a Password Manager Any Longer”, Invited panellist, InfoSecurity Magazine Webinar, 22 March 2018.
- “Proactive versus reactive: Developing an effective cyber security strategy”, invited talk, Insurance Innovators Counter Fraud 2018. London, UK, 14 March 2018.
- “Careering towards a secure future?”, IISP Cyber Career Development Event, Manchester, 28 February 2018.
- “Cyber Security: What does it mean?”, invited talk, IET Devon and Cornwall Network, Plymouth, UK, 8 February 2018.
- “Cyber Security: Defined and Demystified”, invited talk, South West Information Compliance Group Annual Seminar and Annual General Meeting, Exeter, UK, 6 February 2018.
- “Malware – A never ending battle?”, Panel chair, ICISSP 2018 - 4th International Conference on Information Systems Security and Privacy, Funchal, Madeira, Portugal, 22 January 2018.
- “Taming Security Technology”, Keynote speaker, 12th International Conference for Internet Technology and Secured Transactions (ICITST-2017), Cambridge, UK, 12 December 2017.
- “Careering towards a secure future?”, IISP Cyber Career Development Event, Edinburgh, 23 November 2017.
- “Usability of security”, invited speaker, CriM 2017 Cyber Security seminar and workshops), Oulu, Finland, 8 November 2017.
- “Build it and they will come? Questioning our provision of security technologies”, invited opening talk, Security and Protection of Information 2017 (SPI 2017), Brno, Czech Republic, 1 June 2017.
- “Vulnerable and Exploitable - A Patchy approach to security?”, Closing Keynote, BCS Configuration Management Specialist Group Annual Conference, London, 9 May 2017.
- “Enhancing Passwords: Life support for cybersecurity’s walking dead”, invited talk, Security Forum 2017, Hagenberg, Austria, 5 April 2017.
- “Not quite dead yet: password authentication revisited”, Panel discussion, 50th Hawaii International Conference on System Sciences (HICSS-50), Hilton Waikoloa Village, Hawaii, 5 January 2017
- “Careering towards a secure future?”, IISP Cyber Career Development Event, London, 25 November 2016.
- “Usable Security: Getting better by design?”, Keynote speaker, Sixteenth International Crisis Management Workshop (CriM’16), Oulu, Finland, 2 November 2016.
- “BYOD: Their Device, Your Problem?”, Mobile Working and Device Management in the Public Sector Conference, Salford, UK, 1 November 2016.
- “Vulnerability management: Not a patch on where we should be?”, Invited talk, Lancaster University, 30 June 2016.
- “Mobile device security: Providing protection where the user meets the network”, invited talk, 2016 European Future of Wireless Technology Workshop, Stockholm, Sweden, 14 June 2016.
- “User Authentication – Knowing, Having and Being”, Guest lecture, University of Piraeus, Greece, 16 May 2016.
- “The First 72 Hours - Dealing with the Crucial Time in Incident Response”, Invited panellist, InfoSecurity Magazine Webinar, 28 April 2016.
- “Addressing the Security Challenges Presented by Mobile Technology”, Keynote Presentation, Realising the Benefits of Mobile Technology and Learning in Higher and Further Education Forum, London, UK, 14 April 2016.
- “Cybersecurity – What’s in a name?”, Panel Chair, 15th Annual Security Conference, Las Vegas, 29 March 2016.
- “Why are we so emotional in security?!”, invited panel chair, CRESTCon and IISP Congress 2016, Royal College of Surgeons, London, 10 March 2016.
- “Usable Security”, Guest lecture, University of Kent, 26 January 2016.
- “Assessing current & future threats“, Invited Discussant, CERRE Expert Workshop – Cybersecurity: Safeguarding Europe’s Essential Infrastructure, Brussels, Belgium, 19 November 2015.
- “Securing the i-Society”, Keynote presentation, IEEE i-Society 2015, London, UK, 9 November 2015. Invited event chair, 5th Annual Payments Conference 2015, London, UK, 22 October 2015.
- “Educating Towards Cyber Security Professionalism”, Invited speaker, 4th International Conference on Cyber Security and Education, Alloa, Scotland, 16 October 2015.
- “Controlling Privacy – User expectations versus usability”, Invited speaker, CriM15 / Oulu Winter School, Oulu, Finland, 13 October 2015.
- “How to Articulate Risk to Senior Management”, Invited panelist, InfoSecurity Magazine Fall Virtual Conference - North America, 30 September 2015.
- “Mobile devices, immobile security?”, Keynote presentation, 9th International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST 2015), Cambridge, UK, 10 September 2015.
- “Addressing the Security Risks of Negligent Insiders”, Invited panellist, InfoSecurity Magazine Webinar, 31 July 2015.
- “Mobile Device Security – Whose Device? Whose Data? Whose Problem?”, Special Keynote Presentation, Maximising Mobile Technology and Learning Forum, London, UK, 8 July 2015.
- “Creating a Company-Wide Information Security Culture”, Invited panellist, InfoSecurity Magazine Webinar, 19 June 2015.
- “Getting the measure of cybercrime?”, invited talk, University of Oxford, 5 June 2015.
- “Building national cybersecurity workforces”, invited panellist, 9th IFIP WG 11.8 World Conference (WISE 9). Hamburg, Germany, 26 May 2015.
- “Security and Privacy – All under control?”, Guest talk, 14th Annual Security Conference, Las Vegas, 19 May 2015.
- “Examining the Security Experience”, invited talk, Birmingham City University, Birmingham, UK, 7 May 2015.
- “Biometric Authentication: Feasibility and Fallout”, invited talk, PAY-SEC Payment Security Summit, London, UK, 21 April 2015.
- “Mobile biometrics: Who you are, wherever you go”, invited talk, European Biometrics Symposium, Teddington, UK, 25 February 2015.
- “From Passwords to Biometrics: In Pursuit of a Panacea”, Keynote Presentation, 1st International Conference on Information Systems Security and Privacy (ICISSP 2015), Angers, France, 9-11 February 2015.
- “Privacy and Trust in Digital Societies”, Invited panelist, 1st International Conference on Information Systems Security and Privacy (ICISSP 2015), Angers, France, 9-11 February 2015.
- “Spotlight on mobile technology: Utilising and integrating to improve teaching and learning”, Invited panellist, Bett 2015, London, UK, 22 January 2015.
- “Safeguarding Devices and Data - Reinforcing the Need for Security In Mobile Learning”, Special Keynote Presentation, Transforming Further and Higher Education Through Mobile and Technology Enhanced Learning, London, UK, 9 December 2014.
- “Mobile Security: The Challenge of Liberation”, Keynote Presentation, International Conference for Internet Technology and Secured Transactions (ICITST-2014), London, UK, 8 December 2014.
- Invited event chair, 4th Annual Payments Conference 2014, London, UK, 6 November 2014.
- “In Defence of the Password”, invited talk, Public Research Centre Henri Tudor, Luxembourg, 22 October 2014.
- “Cyber Security: Can we keep up?”, Guest lecture, European Council of Georgia Study Abroad Program, London, 14 July 2014.
- Invited event chair, 2nd Annual Omnichannel Banking Conference 2014, London, UK, 19 June 2014.
- “Ensuring Security within Mobile Learning Strategies: Safeguarding Data and Devices”, invited presentation, Mobile Learning 2014: Transforming the Delivery of Further and Higher Education, London, UK,18 June 2014.
- “How to develop a strong authentication strategy to enhance security, business performance and user experience”, Invited panellist, Infosecurity Magazine Summer Virtual Conference 2014, 17 June 2014.
- “Flexible and Non-Intrusive Authentication”, invited presentation, Cloud Computing Security and Identity Workshop National Museum of Computing, Bletchley, UK, 3-4 April 2014.
- Invited track chair, Technology Innovation Track, The 11th Annual Retail Fraud Conference 2014, London, 2 April 2014.
- “Ensuring our Digital Security”, invited presentation, Employability for the Digital Age, British Council, Johor Bahru, Malaysia, 26 March 2014.
- “Bitcoin and other Crypto-currencies – Will they thrive once regulated?”, Panel session, Kaspersky Academy CyberSecurity for the Next Generation – Asia-Pacific and MEA, Seoul, South Korea, 12 March 2014.
- “Biometrics: A Triumph of Convenience over Security?”, invited presentation, Kaspersky Academy CyberSecurity for the Next Generation – Asia-Pacific and MEA, Seoul, South Korea, 12 March 2014.
- ”Your Device - Everybody’s Problem?”, HEA Changing the Learning Landscape – Bring your Own Device conference, University of Southampton, 7 March 2014.
- “Recognising and Responding to Mobile Device Threats”, International Islamic University Malaysia, Kuala Lumpur, 20 February 2014.
- “Cyber Security: Power to the People?”, IET Devon and Cornwall Cyber Security event, Plymouth University, 29November 2013.
- “Convenient to Carry, Difficult to Defend: The Security Challenge of Smartphones and Tablets”, Invited webcast, BrightTALK Application Security Summit, 12 November 2013.
- “Making Security Tolerable”, University of Malaya, Kuala Lumpur, 1 November 2013.
- Invited event chair, Payments Conference 2013, London, UK, 30 October 2013.
- “Are we finally getting past passwords“, Orebro University, Sweden, 15 May 2013.
- “More than just technology hype: recognising the Big Risk of Big Data”, Panel Chair, Telco Cloud World Forum, London, 17 April 2013.
- “Vulnerability Management – The Never-Ending Story”, Invited webcast, BrightTALK Application Security Summit, 17 April 2013.
- “Can we keep up with the Cyber Arms Race?”, Panel session, Kaspersky Lab Asia Pacific & MEA Cup 2013, Singapore, 22 March 2013.
- “2020 Vision: Enabling and Securing the Enterprise of the Future”, Invited panellist, Infosecurity Webinar, 19 February 2013.
- “Is Security Awareness a Waste of Time?”, Invited panellist, Infosecurity Webinar, 24 January 2013.
- “Infosec: Lots of safeguards and no protection?”, Keynote presentation, secau Security Congress, Perth, Western Australia, 5 December 2012.
- “Delivering OERs to an international audience via iTunes U”, invited presentation, Opening up: New horizons and institutional strategies, London, 4 October 2012.
- “My mobile device is jailbroken - will you secure it?”, Invited panellist, Infosecurity UK Virtual Conference, 27 September, 2012.
- “Next-Generation Threats: Old Problems in a New Guise?”, Invited webcast, BrightTALK Next-Generation Threat Protection Summit, 5 September 2012.
- “iTunes U”, Invited presentation, Apple Executive Briefing Center, London, 24 August 2012.
- “The Long Shadow of Cyber Crime”, Webinar Panel, Business Tech Debate, Financial Times, London, 16 August 2012.
- “Cyber Security for SMBs”, Webinar Panel, Kaspersky Lab, London, 28 June 2012.
- “Mobile Malware: Finally hitting the moving target?”, Invited webcast, BrightTALK Hackers and Threats Summit, 21 June 2012.
- Invited event co-chair, Secure Information Conference 2012, London, UK, 15 March 2012.
- “Phishing deeper: An increasing threat in the evolving Web”, Invited webcast, BrightTALK Web 2.0 Security Summit, 8 February 2012.
- “New Approaches to New Dangers”, Panel sessions, Kaspersky Lab US Cup 2011, New York, United States, 10 November 2011.
- “21st Century Threats Facing End-Users”, Keynote presentation, Information Security South Africa (ISSA) 2011, Johannesburg, South Africa, 15 August 2011.
- “Are We High In The Clouds?”, Panel session, Kaspersky Lab International Cup 2011, Munich, Germany, 15 April 2011.
- “Beyond Security Awareness: Achieving culture and avoiding fatigue”, Keynote presentation, Security Forum 2011, Hagenberg, Austria, 6 April 2011.
- “Usable Security: Can it be too easy?”, University of Kent, 22 March 2011.
- “Single Sign On: Convenience or Risk?”, Invited Online Panel, BrightTALK Web 2.0 Security Summit, 16 March 2011.
- “Preparing for the future Internet: IT-Security in a connected world”, Panel session, Kaspersky Lab Asia Pacific & MEA Cup 2011, Shah Alam, Selangor, Malaysia, 5 March 2011.
- “Meeting new demands for user authentication”, Invited webcast, BrightTALK Authentication Summit, 7 October 2010.
- “Getting tricky: The many faces of social engineering”, Symposium on Security and Cybercrime: Vision and Foresight, Edinburgh, UK, 25 June 2010.
- “Security and Usability: Where technology meets the people”, Khalifa University of Science, Technology and Research, Sharjah, UAE, 14 June 2010.
- “The threat on the net: Attacking technology and those who need”, Invited Speaker, Critical National Infrastructure Protection Workshop (CNIP2010), Mumbai, India, 15 May 2010.
- “Online identity and authentication: The varying degree of being me”, Invited webcast, BrightTALK Identity and Access Management Summit, 6 May 2010.
- “Essential Mobile Data Security: Keeping data safe and accessible for mobile workers”, Invited Speaker, Public Sector Mobile and Flexible Working: Achieving Real Efficiencies, Birmingham, UK, 25 February 2010.
- “The Irreversible March of Technology”, Invited Speaker, Human Factors in Information Security Conference, London, UK, 23 February 2010.
- “Securing mobile devices: Concepts, policies and technologies”, Middlesex University, 29 January 2010.
- “Usability of Security”, University of Piraeus, Greece, 18 December 2009.
- “Protecting your network from portable devices”, Invited webcast, BrightTALK Endpoint Security Summit,8 December 2009.
- “Are we really Managing the Threat“, Expert Panel, 2009SECAU Security Congress, Perth, Western Australia, 3 December 2009.
- "Going, going, gone? The challenges of mobile security", Invited Speaker, International Conference on Information Security and Digital Forensics 2009, City University, London, 8 September 2009.
- “Global Cyber Threats”, Invited seminar, University College London, 22 June 2009.
- “Protected or Perplexed? The challenge of usable security”, Invited talk, IT-security for the new generation, Kaspersky Lab, Moscow, 29 April 2009.
- “Effective Peer Strategies”, Invited speaker, Safeguarding Cyberworld Conference, Plymouth, UK, 10 February 2009.
- “Enhancing User Authentication for Mobile Devices“, Invited talk, INDIA-SIM 2009, Bangalore, India, 22-23 January 2009.
- “Social Engineering: Exploiting the Weakest Links”, University of Portsmouth, 16 January 2009.
- “Web 3.0: Third time lucky for e-Safety and Security”, Invited speaker, South West Grid for Learning eSafety Conferences, Torquay, Bristol and Bournemouth, 25-27 November 2008.
- “Cybercrime: Hackers, Malware and other online threats”, Keynote Lecture, IT-Speicher, Regensburg, Germany, 24 July 2008.
- “Securing the end-user: What they know and what they do”, Keynote Lecture, Third International Conference on Usability Engineering, University of Oviedo, Spain, 20 May 2008.
- “Cybercrime: A Clear and Present Danger”, University of Exeter, 13 May 2008.
- “Keystroke dynamics: An authentication enhancement for mobile devices”, Gjøvik University College, Gjøvik, Norway, 31 January 2008.
- “Combating Identity Theft: Recognising contributors to the problem”, Invited speaker, Net Focus UK 2007, Southampton, 2 October 2007.
- “How Do You Secure Mobile Devices in a World Where Data Leakage is Pervasive”, Invited workshop moderator, Net Focus UK 2007, Southampton, 2 October 2007.
- “Cybercrime: The continuing threat”, University of Exeter, 18 May 2007.
- “Are You Even Remotely Secure? The Mobile Device Dilemma”, Keynote Panel presentation, Infosecurity Europe 2007, Olympia, London, 25 April 2007.
- “Usability Challenge - Why users can’t use security”, Aston University, 1 November 2006.
- “Managing the security of information assets”, Managing Information Throughout the Organisation Conference, Guernsey, 13 September 2006.
- Invited panellist, Security Panel. Mobility Summit 2006, London, 4 July 2006.
- “Protected or confused: Assessing whether end-users can understand and use security”, Invited speaker, End Point Security 2006, London, 28 June 2006.
- “Cybercrime and investigation”, University of Exeter, 10 May 2006.
- “Mitigating the Enemy Within”, Keynote Panel presentation, Infosecurity Europe 2006, Olympia, London, 25 April 2006.
- “Continuous user identify verification using keystroke analysis”, BCS SGAI Symposium/Colloquium on Intelligence in Security and Forensic Computing, Edinburgh, 3 April 2006.
- “The Challenge of Usable IT Security”, Keynote presentation, Usability Engineering, University of Oviedo, Spain, 23-24 March 2006.
- “The way forward – Where to from here?”, Expert Panel, 1st Colloquium for Information Systems Security Education – Asia Pacific, Adelaide, Australia, 22 November 2005.
- “Hitting easy targets: The Internet threats facing end-users”, University of Malaga, Spain, 28 October 2005.
- “Internet insecurity: Who's trying to spoil your day today?”, Keynote presentation at ITA 2005 - International conference on Internet Technologies and Applications, Wrexham, North Wales, 8 September 2005.
- “Fostering the usability of information security solutions“, APEC-OECD Workshop on the Security of Information Systems and Networks, Seoul, Korea, 6 September 2005.
- "Educating And Raising Awareness Of Governance Company Wide", Keynote Panel, Infosecurity Europe 2005, Olympia, London, 26 April 2005.
- "Get patched or get punched: Plugging the security holes before the attackers hit you", Northampton BCS, 8 March 2005.
- "The requirements and challenges of automated intrusion response", University of Birmingham, 20 January 2005.
- "Enemies within? : Managing the problem of insider attacks and misuse", Keynote presentation at InfoSec 2004, Fremantle, Western Australia, 26th November 2004"
- "Cyber Parasites: The ongoing march of malware", Australian Institute of Professional Intelligence Officers, Perth, Western Australia, 19th November 2004.
- "Malware Evolution: The arrival of the true computer parasite?", University of Wales, 3 November 2004.
- "Biometric user authentication using keystroke dynamics", University of Bristol, 2 November 2004.
- "Cyber Threats: What are the issues and who sets the agenda?", 5th International Relations Conference, The Hague, The Netherlands, 9-11 September 2004.
- "The Darker Side of Innovation", Expert Panel, 7th Working Conference on IT Innovation for Adaptability and Competitiveness, Leixlip, Ireland, 30 May-2 June 2004.
- "E-commerce Security: Getting Consumers to Trust the Net", Keynote Presentation, IV Jornadas Internacionales sobre comercio electronico, Oviedo, Spain, 25-27 November 2003.
- "Cybercrime", Keynote Presentation, International Conference on Web Engineering (ICWE'03), Oviedo, Spain, 16-18 July 2003.
- "Insider IT Misuse", Interpol IT Crime Forum, The Hague, 21 May 2003.
- "Cybercrime", Faculty Research Seminar, Middlesex University, 26 March 2003.
- "Cybercrime Expert Panel", SecurIT Summit, Montreux, Switzerland, 19-21 October 2002.
- "Security requirements for online distance learning", ELATnet modules for multimedia netbased teaching International Workshop, Munich, Germany, 18-20 September 2002.
- "Mobile Security Biometrics", Global Information Society Forum.31, Tokyo, Japan, 23 May 2002.
- "Cybercrime: Vandalising the Information Society", Guest lecture, Middlesex University, 23 April 2002.
- "User Authentication Methods for Mobile Systems", Managing the Mobile Workforce, The Open Group Conference, Paris, France, 9 April 2002.
- "Security issues in Online Distance Learning", JCALT Workshop on Security in Virtual Learning Environments, South Bank University, UK. 23 October 2000.
- "E-commerce: Consumer security fears and expectations", British Computer Society – South West Branch, University of Plymouth, UK. 11 April 2000.
- "Realising Security Policy within the Healthcare Environment", University of Cambridge, UK. 3 December 1998.
- "Computer Abuse: Vandalising the Information Society", British Computer Society – South West Branch, University of Plymouth, UK. 21 January 1997.