@inproceedings{luh_robert_apt_2018, title = {{APT} {RPG}: {Design} of a {Gamified} {Attacker}/{Defender} {Meta} {Model}}, booktitle = {International {Workshop} on {FORmal} methods for {Security} {Engineering}}, author = {{Luh, Robert} and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian}, year = {2018}, note = {Projekt: TARGET}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Josef Ressel Zentrum TARGET, Publikationstyp Schriftpublikation, peer-reviewed, ⛔ No DOI found}, } @inproceedings{temper_biome_2015, address = {Bonn Germany}, title = {{BioMe} - {Kontinuierliche} {Athentifikation} mittels {Smartphone}}, booktitle = {{DACH} {Security} 2015}, author = {Temper, Marlies and Kaiser, Manfred}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed, ⛔ No DOI found}, } @inproceedings{temper_touch_2015, address = {Korea}, title = {Touch to {Authenticate} – {Continuous} {Biometric} {Authentication} on {Mobile} {Devices}}, doi = {10/gnt2t9}, publisher = {IEEE Computer Society}, author = {Temper, Marlies and Tjoa, Simon and Kaiser, Manfred}, year = {2015}, keywords = {Department Technologie, FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, SP IT Sec Applied Security \& Data Science, peer-reviewed}, } @article{luh_penquest_2019, title = {{PenQuest}: a gamified attacker/defender meta model for cyber security assessment and education}, issn = {2263-8733}, url = {https://doi.org/10.1007/s11416-019-00342-x}, doi = {10/gh378z}, abstract = {Attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. At the same time, the complex interplay of attack techniques and possible countermeasures makes it difficult to appropriately plan, implement, and evaluate an organization’s defense. More often than not, the worlds of technical threats and organizational controls remain disjunct. In this article, we introduce PenQuest, a meta model designed to present a complete view on information system attacks and their mitigation while providing a tool for both semantic data enrichment and security education. PenQuest simulates time-enabled attacker/defender behavior as part of a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP 800-53. Attack patterns, vulnerabilities, and mitigating controls are mapped to counterpart strategies and concrete actions through practical, data-centric mechanisms. The gamified model considers and defines a wide range of actors, assets, and actions, thereby enabling the assessment of cyber risks while giving technical experts the opportunity to explore specific attack scenarios in the context of an abstracted IT infrastructure. We implemented PenQuest as a physical serious game prototype and successfully tested it in a higher education environment. Additional expert interviews helped evaluate the model’s applicability to information security scenarios.}, journal = {Journal of Computer Virology and Hacking Techniques}, author = {Luh, Robert and Temper, Marlies and Tjoa, Simon and Schrittwieser, Sebastian and Janicke, Helge}, month = nov, year = {2019}, keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Paper, SP IT Sec Security Management \& Privacy, peer-reviewed}, } @inproceedings{temper_applicability_2016, title = {The {Applicability} of {Fuzzy} {Rough} {Classifier} for {Continuous} {Person} {Authentication}}, doi = {10/gh3747}, publisher = {IEEE}, author = {Temper, Marlies and Tjoa, Simon}, year = {2016}, note = {Projekt: SmartphoneSec}, keywords = {Department Technologie, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, Publikationstyp Schriftpublikation, peer-reviewed}, } @misc{tjoa_data_2018, address = {FH St. Pölten}, title = {Data {Science} {Innovations}}, author = {Tjoa, Simon and Temper, Marlies}, month = jan, year = {2018}, keywords = {FH SP Cyber Security, Forschungsgruppe Data Intelligence, Forschungsgruppe Secure Societies, Institut für IT Sicherheitsforschung, SP IT Sec System \& Application Security, Vortrag}, } @misc{temper_is_2018, address = {Wien}, title = {Is the future near? {Future} of real-time processing of {Big} {Data}}, author = {Temper, Marlies}, year = {2018}, keywords = {Department Technologie, FH SP Data Analytics \& Visual Computing, Forschungsgruppe Data Intelligence, Institut für IT Sicherheitsforschung, Präsentationstyp Präsentation, SP IT Sec Applied Security \& Data Science}, } @misc{temper_big_2018, address = {Wien}, title = {Big {Data} {Analytics} - {Kann} {Big} {Data} irren?}, author = {Temper, Marlies}, year = {2018}, keywords = {Department Technologie, Forschungsgruppe Data Intelligence, Institut für IT Sicherheitsforschung, Präsentationstyp Präsentation, Vortrag}, }