Steven Furnell

Job title: Head of School, School of Computing and Mathematics (Faculty of Science and Technology)
Address: A310, Portland Square, Drake Circus,
Plymouth, Devon, PL4 8AA
Telephone: +44 (0)1752 586234
Facsimile: +44 (0)1752 233520
Email: S.Furnell@plymouth.ac.uk

Role
Head of School of Computing and Mathematics
Leader of Centre for Security, Communications & Network Research
Adjunct Professor, Edith Cowan University, Perth, Western Australia

Qualifications & background

Chartered Information Technology Professional (CITP)

Chartered Engineer (CEng)

SEDA Accredited Teacher of Higher Education, University of Plymouth

PhD in information systems security, University of Plymouth

Professional membership
Fellow, British Computer Society
Senior Member, Institute of Electrical and Electronic Engineers

Full Member of the Institute of Information Security Professionals (M.Inst.ISP)

Roles on external bodies

Societies and international groups

Chair, IFIP Technical Committee 11, Working Group 11.12 - Human Aspects of Information Security & Assurance
Chair, British Computer Society, South West Branch
Member, IFIP TC 11, Working Group 11.1 - Information Security Management
Member, IFIP TC 11, Working Group 11.8 - Information Security Education

Editorships and Refereeing for Journals

Editor-in-Chief, Information Management and Computer Security
Associate Editor, Computers & Security
Associate Editor, Security and Communication Networks
Associate Editor, Journal of Information Systems Security
Co-Editor, Journal of Information Warfare
Member of Editorial Advisory Board, Internet Research
Member of Editorial Advisory Board, Campus-Wide Information Systems
Referee, IEE Proceedings Information Security
Referee, Medical Informatics and the Internet in Medicine
Referee, IEEE Transactions on Biomedical Computing
Referee, International Journal of Healthcare Technology and Management (IJHTM)
Referee, IEEE Transactions on Wireless Communications
Referee, IBM Systems Journel
Referee, Software: Practice and Experience
Referee, IEEE Internet Computing
Referee, Quarterly Review of Distance Education
Referee, Computers & Operations Research
Referee, International Journal of Continuing Engineering Education and Lifelong Learning

Other external activities

External Assessor for professorial promotions at University of Malaya (2009-present).
External evaluator for Department of Computer Science, Drexel University, Philadelphia (2006)
Advisory board member, Teenangels.org (2005-)
Project evaluator for Science and Technology Foundation – Portugal (2005)
Invited participant in Information Assurance Expert Panel for Henley Management College / Qinetiq (2004)
UK Home Office NetCrime Expert Panel Participant (2002)
External evaluator for Computer Science Department, Bucknell University, Pennsylvania (2002)
Referee for South African National Research Foundation (2001-present)
Project reviewer for Sultan Qaboos University (project SCI/00/12) (2000)
Manuscript reviewer for Pearson Education (1999-present)

Teaching interests

Undergraduate teaching commitments:

CNET115 - Introduction to Security
CNET232 - System Security*
CNET334 - Information Security Management*
CNET335 - Cybercrime and Forensic Investigation

Postgraduate teaching commitments:

CNET522 - Cybercrime and Investigation
CNET526 - Information Security Management*

* denotes module leadership

Course development activity:

Co-Architect of BSc (Hons) Computer & Information Security (2007)
Architect of the MSc/MRes Information Systems Security (2003-04)
Co-Architect of the MSc/MRes Network Systems Engineering (2002-03)

Staff serving as external examiners
2011

Valuation and Reporting ofSecurity Assurance at Operational Systems Level, PhD thesis, University ofEast London, UK.
A Scalable, Distributed andSecure Position-based Routing Protocol for Ad-Hoc Networks, PhD thesis,University of Malaya, Malaysia.
Towards an InformationSecurity Framework for Government to Government: A Perspective from East Africa,PhD thesis, University of South Africa, South Africa.
Educating users aboutinformation security by means of game play, MTech thesis, Nelson MandelaMetropolitan University, South Africa.
A Model for Privacy-AwarePresence Management in Mobile Communications, PhD thesis, Nelson MandelaMetropolitan University, South Africa.
A Tactical Management Modelof Forensic Evidence Processes, PhD thesis, University of WesternAustralia.

2010

Analysis Avoidance Techniques of Malicious Software, PhD thesis, Edith Cowan University, Australia
Securing Home & Correspondent Registrations in Mobile IPv6 Networks, PhD thesis, University of Manchester, UK
Authentication in Health Services, PhD thesis, University of Oslo, Norway.

2009

Vulnerabilities in Class One Electronic Product Code Radio Frequency Identification Systems, PhD thesis, Edith Cowan University, Australia.
A Framework for Assessing Certification Schemes for IT Security Professionals, PhD thesis, Deakin University, Australia.
Network Firewalls Dynamic Performance Evaluation and Formalisation, PhD thesis, Napier University, UK.
E-Business Information Systems Security Design Paradigm and Model, Royal Holloway University of London, UK.

2008

Authentication and Privacy in Mobile Web Services, PhD thesis, City University, UK.
Enhancing Password based authentication by incorporating typing dynamics, MPhil to PhD transfer, University of Mauritius, Mauritius.
Cultivating and Assessing Information Security Culture, PhD thesis, University of Pretoria, South Africa.
A Systems Analysis Method for Online Teaching and Learning Systems, PhD thesis, Deakin University, Australia.
Assessing the Risk to Information Systems and Processes from Malicious Electromagnetic Threats – Through the Development of Diagnostic and Detection Techniques, PhD thesis, University of Glamorgan, UK.
Optimization in Multi-Agent Systems, PhD thesis, Cork Institute of Technology, Ireland.
Safeguarding Australia from Cyber-terrorism: A Proposed Cyber-terrorism SCADA Risk Framework for Australia, PhD Thesis, Monash University, Australia.

2007

On the Identification of Security Vulnerabilities, PhD thesis, Royal Holloway University of London, UK.
An investigation into information security in general medical practice, PhD thesis, Edith Cowan University, Australia.
An Approach Towards Standardising Vulnerability Categories, MSc by research, University of Pretoria, South Africa.
Usable Security Policies in Runtime Environments. PhD thesis, Linköping University, Sweden.
Masquerader Detection in Mobile Context based on Behaviour and Environment Monitoring. PhD thesis, University of Jyvaskyla, Finland.

2006

An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer Networks. PhD thesis, University of Surrey, UK.
Program Behaviour Modelling with Flexible Logical Entity Abstraction, PhD thesis, University of Ballarat, Australia.
Multi-Party Non-Repudiation Protocols and Applications, PhD thesis, University of Malaga, Spain.
Digital Forensic Evidence Collection by System Activity Logs, PhD thesis. University of Melbourne, Australia.
Towards a Framework for Corporate Information Governance, MTech dissertation, Nelson Mandela Metropolitan University, South Africa.

2005

Delegating Signing Power to Mobile Agents: Algorithm and Protocol Designs. PhD thesis. University of Manchester, UK.
The Australian Small to Medium Enterprise E-Business Security Methodology. PhD thesis. Deakin University, Australia
Changing the Way the World Thinks about Computer Security. PhD by publication. Middlesex University, London, UK.
An Efficient Reactive Model for Resource Discovery in DHT-Based Peer-to-Peer Networks. MPhil to PhD transfer, University of Surrey, UK.
A Simulation Study of Traffic Conditioner Performance. MSc by research. University of Pretoria, South Africa.
Holistic Information Security Management Framework. Doctoral Thesis. Karlstad University, Sweden.
Intrusion Detection and Protection of Application Servers. Licentiate thesis. Chalmers University, Sweden.

2004

Secure and Distributed Multicast Address Allocation on IPv6 Networks. MSc by research. University of Pretoria, South Africa.
A Tool-kit for XML-based and process-oriented Application Integration. PhD thesis. Cork Institute of Technology, Ireland
Threats to Information Systems and Effective Countermeasures. PhD by publication. University of Glamorgan, UK
DiDDeM: A system for early detection of denial-of-service attacks. PhD thesis. Liverpool John Moores University, UK.
Protecting agents against malicious host attack. PhD thesis. Aston University, UK.
Comprehensive strategy on security of electronic networks. MPhil thesis. University of Bradford, UK.
Secure and Distributed Multicast Address Allocation on IPv6 Networks. Masters thesis. University of Pretoria, South Africa
A Tool-kit for XML-based and process-oriented Application Integration. PhD thesis. Cork Institute of Technology, Ireland
Threats to Information Systems and Effective Countermeasures. PhD by publication. University of Glamorgan, UK
DiDDeM: A system for early detection of denial-of-service attacks. PhD thesis. Liverpool John Moores University, UK.
Protecting agents against malicious host attack. PhD thesis. Aston University, UK.
Comprehensive strategy on security of electronic networks. MPhil thesis. University of Bradford, UK.
NeGPAIM: A model for the proactive detection of information security intrusions. PhD thesis. Port Elizabeth Technikon (South Africa)

2003

Inferential analysis of incomplete audit data sets. PhD thesis. University of Glamorgan, UK.
Interactive Generation of Uniformly Random Samples of World Wide Web Pages. MSc by Research thesis. Kingston University, UK.
Enterprise IT Security Data Model and security of the Internet. MPhil thesis. Coventry University, UK.

2002

Distributed Failure Restoration for ATM Tactical Communication Networks. Ph.D. thesis. De Montfort University, UK.
An Anomaly Intrusion Detection System Based on Intelligent User Recognition. Ph.D. thesis. University of Jyvaskyla, Finland.
The evolving nature of fraud investigation and prevention. Ph.D. thesis. Deakin University, Australia.

2001

Design and Implementation of an Intranet-Solution especially with Workflow Aspects. M.Sc. research thesis. Cork Institute of Technology, Ireland.

2000

Methods for Intelligent User Recognition Based on Machine Learning Techniques in Anomaly Intrusion Detection. Licentiate thesis. University of Jyvaskyla, Finland.
Human-Computer Interaction via Telephone. M.Sc. research thesis. Cork Institute of Technology, Ireland.
Software Component Reuse by Adaptation. Ph.D. thesis. Cork Institute of Technology, Ireland.

Research interests

Information Systems Security
Internet Technologies and Applications
Mobility

Research degrees awarded to supervised students

As Director of Studies

2011 An Insider Misuse Threat Detection and Prediction Language
2011 Behavioural profiling in mobile networks
2011 A Study of Graphical Alternatives for User Authentication
2010 Improving Intrusion Prevention, Detection and Response
2008 Profiling methods for computer crime and abuse (MPhil)
2007 A Generic Architecture for Insider Misuse Monitoring in IT Systems
2007 Two-Tier Intrusion Detection System for Mobile Ad hoc Networks
2007 Effective information assurance with risk management
2006 Active security vulnerability identification and resolution
2006 Non-Intrusive Subscriber Authentication for Next Generation Mobile Communication Systems
2004 A generic architecture for intrusion specification & misuse detection in IT systems (MPhil)
2004 Classifying and responding to network intrusions
2004 Enhancing subscriber security for mobile phones using biometrics
2004 User authentication and supervision in networked systems
2001 A model for managing information flow on the World Wide Web
2000 Flexible, composite multimedia medical record system for healthcare establishments

As supervisor

2011 Anomaly-Based Correlation of IDS Alarms
2010 Internet Marketing for Profit Organisations: A Framework for the implementation of Strategic Internet Marketing
2007 Security Policy Enforcement in Application Environments using Distributed Script-based Control Structures
2007 The social and psychological impact of SMS text messaging
2007 Dynamic Adaptation of Streamed Real-Time E-Learning Videos over the Internet
2004 Integrated multimedia communications for IP networks
2004 Performance characterisation of IP networks
2003 A Correlation Framework for Continuous User Authentication Using Data Mining
2002 A Generic Network and System Management Framework
2002 Security in a Distributed Processing Environment
2001 Component architectures and their impact upon software development

Publications

Publications from 2006 onwards are listed below. For further details, including publications prior to this, please see the publication list on my research centre website .

Refereed papers in journals

[1] C.Hocking, S.M.Furnell, N.L.Clarke and P.L.Reynolds. 2011. “Authentication Aura - A distributed approach to user authentication”, Journal of Information Assurance and Security, vol. 6, issue 2, pp249-256.
[2] Sanders B, P.S.Dowland, S.Atkinson and S.M.Furnell. 2011. “Massively Multi-Player Online Role Playing Games: What’s the Risk?”, Journal of Virtual Worlds Research, vol. 3, no. 3, ISSN: 1941-8477.
[3] S.Talib, N.L.Clarke and S.M.Furnell. 2011. “Establishing A Personalized Information Security Culture”, International Journal of Mobile Computing and Multimedia Communications (IJMCMC), Vol 3, Iss 1, pp63-79.
[4] Y.Levy, M.M.Ramim, S.M.Furnell and N.L.Clarke. 2011. “Comparing intentions to use university-provided vs vendor-provided multibiometric authentication in online exams”, Campus-Wide Information Systems, vol. 28, np. 2, pp.102-113.
[5] B.Sanders, P.S.Dowland, S.Atkinson, D.Zahra, S.M.Furnell and M.Papadaki. 2010. “Online Addiction: A Cultural Comparison of Privacy Risks in Online Gaming Environments”, Journal of Multimedia Processing Technologies, vol. 1, no. 3, pp181-193.
[6] G.C.Tjhai, S.M.Furnell, M.Papadaki, N.L.Clarke. 2010. “A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm”, Computers & Security, vol. 29, no.6, pp712-723.
[7] S.M.Furnell. 2010. “Online identity: Giving it all away?”, Information Security Technical Report, vol. 15, no. 2, pp 42-46.
[8] M.Z.Jali, S.M.Furnell and P.S.Dowland. 2010. “Assessing image-based authentication techniques in a web-based environment”, Information Management & Computer Security, vol.18, no.1, pp43-53.
[9] S.M.Furnell. 2009. “The Irreversible March of Technology”, Information Security Technical Report, vol. 14, no. 4, pp176-180.
[10] S.A.Razak, N.Samian, M.A.Ma’arof, S.M.Furnell, N.L.Clarke and P.J.Brooke. 2009. "A Friend Mechanism for Mobile Ad Hoc Networks", Journal of Information Assurance and Security, vol. 4, no. 5, pp440-448.
[11] T,Bakhshi, M.Papadaki and S.Furnell. 2009. “Social engineering: assessing vulnerabilities in practice”, Information Management and Computer Security, vol. 17, no. 1, pp53-63.
[12] R.A.Botha, S.M.Furnell and N.L.Clarke. 2009. “From desktop to mobile: Examining the security experience”, Computers & Security, vol. 28, no. 3-4, pp130-137.
[13] S.Furnell, V.Tsaganidi and A.Phippen. 2008. “Security beliefs and barriers for novice Internet users”, Computers & Security, vol. 27, no. 7-8, pp235-240.
[14] S.A.Razak, S.M.Furnell, N.L.Clarke and P.J.Brooke. 2008. “Friend-assisted Intrusion Detection and Response Mechanisms for Mobile Ad Hoc Networks”, Ad Hoc Networks, vol. 6, no. 7, pp1151-1167.
[15] J.Preuss, S.M.Furnell and M.Papadaki. 2007. “Considering the potential of criminal profiling to combat hacking”, Journal in Computer Virology, vol. 3, no. 2 pp135-141.
[16] P.M.Rodwell, S.M.Furnell, and P.L.Reynolds. 2007. “A Non-Intrusive Biometric Authentication Mechanism Utilising Physiological Characteristics of the Human Head”, Computers & Security, vol. 26, nos. 7-8, pp468-478.
[17] S.M.Furnell. 2007. “An assessment of website password practices”, Computers & Security, vol. 26, nos. 7-8, pp445-451.
[18] S.M.Furnell. 2007. “Making security usable: Are things improving?”, Computers & Security, vol. 26, no. 6, pp434-443.
[19] S.M.Furnell, P.Bryant and A.D.Phippen. 2007. “Assessing the security perceptions of personal Internet users”, Computers & Security, vol. 26, no. 5, pp410-417.
[20] K.P.Fischer, U.Bleimann, W.Fuhrmann and S.M.Furnell. 2007. “Analysis of security-relevant semantics of BPEL in cross-domain defined business processes”, Information Management & Computer Security, vol. 15, no. 2, pp116-127.
[21] A.Karakasiliotis, S.M.Furnell, and M.Papadaki. 2007. “An assessment of end-user vulnerability to phishing attacks”, Journal of Information Warfare, vol. 6, no. 1, pp.17-28.
[22] C.J.Tucker, S.M.Furnell, B.V.Ghita and P.J.Brooke. 2007. “A new taxonomy for comparing intrusion detection systems”, Internet Research, vol. 17, no. 1, pp88-98.
[23] N.L.Clarke and S.M.Furnell. 2007. “Advanced User Authentication for Mobile Devices”, Computers & Security, vol. 26, no. 2, pp109-119.
[24] N.L.Clarke and S.M.Furnell. 2007. “Authenticating Mobile Phone Users using Keystroke Analysis”, International Journal of Information Security, vol. 6, no. 1, pp1-14.
[25] H.Lacohee, A.D.Phippen and S.M.Furnell. 2006. “Risk and Restitution: Assessing how users establish online trust”, Computers & Security, vol. 25, no. 7, pp486-493.
[26] N.L.Clarke and S.M.Furnell. 2006. “A Composite User Authentication Architecture for Mobile Devices”, Journal of Information Warfare, vol. 5, no. 2, pp11-29.
[27] G.B.Magklaras, S.M.Furnell, and P.J.Brooke. 2006. “Towards an Insider Threat Prediction Specification Language”, Information Management & Computer Security, vol. 14, no. 4, pp361-381.
[28] M.Papadaki and S.M.Furnell. 2006. ”Achieving Automated Intrusion Response: A Prototype Implementation”, Information Management & Computer Security, vol. 14, no. 3, pp235-251.
[29] S.M.Furnell, A.Jusoh and D.Katsabas. 2006. “The challenges of understanding and using security: A survey of end-users”, Computers & Security, vol. 25, no.1, pp27-35.

Other journal outputs

[1] T.Gabriel and S.Furnell. 2011. “Selecting security champions”, Computer Fraud & Security, August 2011, pp8-12.
[2] S.Furnell and R.A.Botha. 2011. “Social networks – access all areas?”, Computer Fraud & Security, May 2011, pp14-19.
[3] S.Furnell. 2010. “Usability versus complexity – striking the balance in end-user security”, Network Security, December 2010, pp13-17.
[4] M.Papadaki and S.Furnell. 2010. “Vulnerability management: an attitude of mind?”, Network Security, October 2010, pp4-8.
[5] S.Furnell. 2010. “Jumping security hurdles”, Computer Fraud & Security, June 2010, pp10-14.
[6] C.Chipperfield and S.Furnell. 2010. “From security policy to practice: Sending the right messages”, Computer Fraud & Security, March 2010, pp13-19.
[7] S.Furnell. 2010. “Mac security: An Apple that can't be bitten?”, Network Security, January 2010, pp7-11.
[8] S.Furnell, M.Papadaki and K.Thomson. 2009. “Scare tactics – A viable weapon in the security war?”, Computer Fraud & Security, December 2009, pp6-10.
[9] S.Furnell and K.Thomson. 2009. “Recognising and addressing ‘security fatigue’”, Computer Fraud & Security, November 2009, pp7-11.
[10] S.Atkinson, S.Furnell and A Phippen. 2009. “Securing the next generation: enhancing e-safety awareness among young people”, Computer Fraud & Security, July 2009, pp13-19.
[11] S.Furnell and K.Thomson. 2009. “From culture to disobedience: Recognising the varying user acceptance of IT security”, Computer Fraud & Security, February 2009, pp5-10.
[12] S.Furnell, R.Shams and A.Phippen. 2008. “Who guides the little guy? Exploring security advice and guidance from retailers and ISPs”, Computer Fraud & Security, December 2008, pp 6-10.
[13] S.Furnell and J.Ward. 2008. “Self-preservation among online prey”, Computer Fraud & Security, November 2008, pp 9-12.
[14] S.Furnell and J.Ward. 2008. “It’s a jungle out there: Predators, prey and protection in the online wilderness”, Computer Fraud & Security, October 2008, pp3-6.
[15] S.Furnell, N.Clarke and S.Karatzouni. 2008. “Beyond the PIN: Enhancing user authentication for mobile devices”, Computer Fraud & Security, August 2008, pp12-17.
[16] V.Katos and S.Furnell. 2008. “The security and privacy impact of criminalising the distribution of hacking tools”, Computer Fraud & Security, July 2008, pp9-16.
[17] S.Furnell and M.Papadaki. 2008. “Testing our defences or defending our tests: the obstacles to performing security assessment”, Computer Fraud & Security, May 2008, pp8-12.
[18] S.Furnell. 2008. “End-user security culture: A lesson that will never be learnt?”, Computer Fraud & Security, April 2008, pp6-9.
[19] S.Furnell. 2007. “Identity impairment: The problems facing victims of identity fraud”, Computer Fraud & Security, December 2007, pp6-11.
[20] S.Furnell. 2007. “A comparison of website user authentication mechanisms”, Computer Fraud & Security, September 2007, pp5-9.
[21] A.Phippen and S.Furnell. 2007. “Taking responsibility for online protection – why citizens have their part to play”, Computer Fraud & Security, November 2007, pp 8-13.
[22] S.Furnell. 2007. “Phishing: can we spot the signs?”, Computer Fraud & Security, March 2007, pp10-15.
[23] S.Furnell and K.Evangelatos. 2007. “Public awareness and perceptions of biometrics”, Computer Fraud & Security, January 2007, pp8-13.
[24] S.Furnell. 2006. “Securing the home worker”, Network Security, November 2006, pp6-12.
[25] S.Furnell. 2006. “Malicious or misinformed? Exploring a contributor to the insider threat”, Computer Fraud & Security, September 2006, pp8-12.
[26] S.Furnell. 2006. “Security mobile devices: technology and attitude”, Network Security, August 2006, pp9-13.
[27] S.Furnell. 2006. “Safety in numbers? Early experiences in the age of chip and PIN”, Computer Fraud & Security, April 2006, pp4-7.
[28] S.Furnell and B.Ghita. 2006. “Usability pitfalls in Wireless LAN Security”, Network Security, March 2006. pp4-8.
[29] S.Furnell and L.Zekri. 2006. “Replacing passwords with other secrets – Can we beat the impostors?”, Network Security, January 2006. pp4-8.

Refereed conference contributions

[1] Z.F.Zaaba, S.M.Furnell and P.S.Dowland. 2011. ”End-User Perception and Usability of Information Security”, in Proceedings of the Fifth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2011), London, UK, 7-8 July 2011, pp97-107.
[2] G.B.Magklaras, S.M.Furnell and M.Papadaki. 2011. ”LUARM – An Audit Engine for Insider Misuse Detection”, in Proceedings of the Sixth International Workshop on Digital Forensics & Incident Analysis (WDFIA 2011), London, UK, 7-8 July 2011, pp133-148.
[3] N.L.Clarke, S.Karatzouni and S.M.Furnell. 2011. ” Towards a Flexible, Multi-Level Security Framework for Mobile Devices”, in Proceedings of the 10th Security Conference, Las Vegas, USA, 4-6 May.
[4] H.Saevanee, N.L.Clarke and S.M.Furnell. 2011. ”Behavioural Biometric Authentication For Mobile Devices”, in Proceedings of the Collaborative European Research Conference (CERC2011), Cork, Ireland, 14-15 January, pp175-184.
[5] M.Krey, S.Furnell, B.Harriehausen and M.Knoll. 2011. “Development of a Validation Method for an Information Technology Governance, Risk Management and Compliance Health Care Framework”, to appear in Proceedings of 7th European Conference on Management Leadership and Governance (ECMLG 2011), Nice, France, 6-7 October 2011.
[6] B.Sanders, V.Chen, D.Zahra, P.S.Dowland. S.Atkinson, M.Papadaki and S.M.Furnell. 2010. ”Online Addiction: Privacy Risks in Online Gaming Environments”, in Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES), Bangkok, Thailand, 26-29 October 2010.
[7] F.Rimbach, U.Bleimann and S.Furnell. 2010. “A Strategic Internet Marketing Framework”, Proceedings of the Annual International Conference on Infocomm Technologies in Competitive Strategies 2010 (ICT 2010), Singapore, 25-26 October 2010
[8] T.Ibrahim, S.Furnell, M.Papadaki and N.Clarke. 2010. “Assessing the Usability of End-User Security Software”, Proceedings of 7th International Conference on Trust, Privacy & Security in Digital Business (Trustbus’10), Bilbao, Spain, 30 August - 3 September 2010.
[9] C.G.Hocking, S.M.Furnell, N.L.Clarke and P.L.Reynolds. 2010. “"A distributed and cooperative user authentication framework", Proceedings of the 6th International Conference on Information Assurance and Security (IAS 2010), Atlanta, USA, 23-25 August 2010.
[10] N.Jumaat, M.Papadaki, S.Furnell, N.Clarke. 2010. “An investigation and survey of response options for Intrusion Response Systems (IRSs)”, Proceedings of 9th Annual Information Security South Africa Conference (ISSA 2010), Sandton, South Africa, 2-4 August 2010.
[11] F.Rimbach, U.Bleimann and S.Furnell. 2010. “Psycho-Analytical Considerations in Internet Marketing – Focusing Human Needs and Personal Trust”, in Proceedings of the Eighth International Network Conference (INC 2010), Heidelberg, Germany, 6-8 July 2010, pp345-354.
[12] B.Sanders, P.S.Dowland and S.M.Furnell. 2010. “Implications and Risks of MMORPG Addiction: Motivations, Emotional Investment, Problematic Usage and Personal Privacy”, in Proceedings of the South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, 17-18 May, pp61-73.
[13] W.Martins and S.M.Furnell. 2010. “Comparing the effectiveness of spyware removal tools”, in Proceedings of the 9th Annual Security Conference, Las Vegas, USA, 7-8 April 2010.
[14] M.Krey, B.Harriehausen, M.Knoll, and S.Furnell. 2010. “IT Governance and its impact on the Swiss Healthcare”, in Proceedings of 12th International Conference on Computer Modelling and Simulation (UKSIM 2010), Cambridge, UK, 24-26 March 2010, pp340-345.
[15] S.Talib, N.Clarke and S.Furnell. 2010. “An Analysis of Information Security Awareness within Home and Work Environments”, in Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland, 15-18 February 2010.
[16] M.Newbould and S.Furnell. 2009. “Playing safe: A prototype game for raising awareness of social engineering”, Proceedings of SECAU 2009, Perth, Western Australia, 1-3 December 2009.
[17] T.Ibrahim, S.M.Furnell, M.Papadaki and N.L.Clarke. 2009. “Assessing the Usability of Personal Internet Security Tools”, Proceedings of the 8th European Conference on Information Warfare and Security (ECIW 2009), Braga, Portugal, 6-7 July 2009.
[18] B.G.Sanders, P.S.Dowland and S.M.Furnell. 2009. “An Assessment of People's Vulnerabilities in Relation to Personal and Sensitive Data”, Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, 25-26 June 2009, pp50-60.
[19] S.Atkinson, S.M.Furnell and A.D.Phippen. 2009. “Risk Culture Influences in Internet Safety and Security”, Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, 25-26 June 2009, pp61-70.
[20] M.Z.Jali, S.M.Furnell and P.S.Dowland. 2009. “Evaluating Web-Based User Authentication using Graphical Techniques”, Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, 25-26 June 2009, pp108-118.
[21] S.Furnell, R.von Solms and A.Phippen. 2009. “Recognising and Addressing Barriers to eSafety and Security Awareness”, in Proceedings of IFIP TC 8 International Workshop on Information Systems Security Research, Cape Town, South Africa, 29-30 May 2009, pp54-65.
[22] N.Clarke, S.Karatzouni and S.Furnell. 2009. “Flexible and Transparent User Authentication for Mobile Devices”, Proceedings of the 24th IFIP Information Security Conference (SEC 2009), Paphos, Cyprus, 18-20 May 2009.
[23] P.Szewczyk and S.Furnell. 2009. “Assessing the online security awareness of Australian Internet users”, in Proceedings of the 8th Annual Security Conference, Las Vegas, Nevada, 15-16 April 2009.
[24] S.Atkinson. S.M.Furnell and A.D.Phippen. 2009. “E-Safety and E-Security: Raising security awareness among young people using peer education”, in Proceedings of the 8th Annual Security Conference, Las Vegas, Nevada, 15-16 April 2009.
[25] D.Zhao, S,M.Furnell and A.AL-Ayed. 2009. “Automated Precautionary Measures for Managing System Security Vulnerabilities”, to appear in Proceedings of International Conference on e-Business and Information System Security (EBISS'2009), Wuhan, China, 23-24 May 2009.
[26] M.Helala, S.M.Furnell and M.Papadaki. 2008. “Evaluating the usability impacts of security interface adjustments in Word”, in Proceedings of 6th Australian Information Security Management Conference, Perth, Western Australia, 1-3 December 2008, pp48-55.
[27] G.C.Tjhai, S.M.Furnell, M.Papadaki and N.L.Clarke. 2008. “Investigating the problem of IDS false alarms: An experimental study using Snort“, in Proceedings of 23rd International Information Security Conference (SEC 2008), Milan, Italy, 8-10 September 2008.
[28] G.C.Tjhai, M.Papadaki, S.M.Furnell and N.L.Clarke. 2008. “The problem of false alarms: Evaluation with Snort and DARPA 1999 Dataset”, in Proceedings of 5th International Conference on Trust, Privacy, and Security in Digital Business – (TrustBus '08), Turin, Italy, 4-5 September 2008.
[29] T.Bakhshi, M.Papadaki and S.M.Furnell. 2008. “A Practical Assessment of Social Engineering Vulnerabilities”, in Proceedings of the Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), Plymouth, UK, 8-9 July 2008, pp12-23.
[30] A.Wareham and S.Furnell. 2008. “Electronic Activism: Threats, Implications and Responses”, in Proceedings of ECIW 2008 - The 7th European Conference on Information Warfare and Security, Plymouth, UK, 30 June - 1 July 2008, pp211-218.
[31] T.Ibrahim, S.M.Furnell, M.Papadaki and N.L.Clarke. 2008. “Assessing the challenges of Intrusion Detection Systems”, Proceedings of the 7th Annual Security Conference, Las Vegas, 2-3 June 2008.
[32] N.Clarke, S.Karatzouni and S.Furnell. 2008. “Transparent Facial Recognition for Mobile Devices”, Proceedings of the 7th Annual Security Conference, Las Vegas, 2-3 June 2008.
[33] S.Karatzouni, N.L.Clarke and S.M.Furnell. 2007. “Device- versus Network-Centric Authentication Paradigms for Mobile Devices: Operational and Perceptual Trade-Offs”, Proceedings of 5th Australian Information Security Management Conference, Mount Lawley, Australia, 5 December 2007.
[34] S.Razak, S.Furnell, N.Clarke and P.Brooke. 2007. “Building a Trusted Community for Mobile Ad Hoc Networks Using Friend Recommendation”, Proceedings of ADHOC-NOW 2007, LNCS 4686, pp15–27.
[35] S.M.Furnell, D.Katsabas, P.S.Dowland and F.Reid. 2007. “A practical usability evaluation of security features in end-user applications”, Proceedings of 22nd IFIP International Information Security Conference (IFIP SEC 2007), Sandton, South Africa, 14-16 May 2007, pp205-216.
[36] D.Chatziapostolou and S.M.Furnell. 2007. “Assessing the usability of system-initiated and user-initiated security events”, Proceedings of ISOneWorld 2007, Las Vegas, 11-13 April 2007.
[37] S.Karatzouni, S.M.Furnell, N.L.Clarke and R.A.Botha. 2007. “Perceptions of User Authentication on Mobile Devices”, Proceedings of ISOneWorld 2007, Las Vegas, 11-13 April 2007.
[38] K.P.Fischer, U.Bleimann, W.Fuhrmann and S.M.Furnell. 2007. “Security Policy Enforcement in BPEL-Defined Collaborative Business”, Proceedings of First International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), Istanbul, Turkey, 16-20 April 2007.
[39] A.Karakasiliotis, S.M.Furnell and M.Papadaki. 2006. “User security awareness of social engineering and phishing”, Proceedings of 7th Australian Information Warfare and Security Conference, Perth, Western Australia, 4-5 December 2006.
[40] F.Rimbach, M.Dannenberg, U.Bleimann and S.M.Furnell. 2006. “From Page Ranking to Topic Sensitive Page Ranking: Implementation and Impact”, Proceedings of the Sixth International Network Conference (INC2006), Plymouth, UK, 11-14 July, pp27-34.
[41] K.P.Fischer, U.Bleimann, W.Fuhrmann and S.M.Furnell. 2006. “Security-Relevant Semantic Patterns of BPEL in Cross-Organisational Business Processes”, Proceedings of the Sixth International Network Conference (INC2006), Plymouth, UK, 11-14 July, pp203-212.
[42] C.Tucker, S.M.Furnell, B.V.Ghita and P.J.Brooke. 2006. “A New Taxonomy for Intrusion Detection”, Proceedings of the Sixth International Network Conference (INC2006), Plymouth, UK, 11-14 July, pp253-260.
[43] S.Razak, S.Furnell, N.Clarke and P.Brooke. 2006. “A Two-Tier Intrusion Detection System for Mobile Ad Hoc Networks - A Friend Approach”, Proceedings of IEEE Intelligence and Security Informatics Conference (ISI 2006), San Diego, California, 23-24 May 2006.
[44] S.M.Furnell, A.Jusoh, D.Katsabas and P.S.Dowland. 2006. “Considering the Usability of End-User Security Software”, Proceedings of 21st IFIP International Information Security Conference (IFIP SEC 2006), Karlstad, Sweden, 22-24 May 2006, pp307-316.
[45] S.W.Schilke, S.M.Furnell and U.Bleimann. 2006. “Enhancing privacy through anonymous recommendation for Multi-Dimensional-Personalisation”, Proceedings of 5th Annual Security Conference, Las Vegas, USA, 19-20 April 2006.
[46] M.Papadaki, S.M.Furnell, N.L.Clarke, U.A.Abu Bakar and G.Pinkney. 2006. “Attack Pattern Analysis: Trends in Malware Variant Development”, Proceedings of 5th Annual Security Conference, Las Vegas, USA, 19-20 April 2006.
[47] B.V.Ghita and S.M.Furnell. 2006. “Assessing the usability of WLAN security for SOHO users”, Proceedings of 5th Annual Security Conference, Las Vegas, USA, 19-20 April 2006.
[48] D.Katsabas, S.M.Furnell and P.S.Dowland. 2006. “Evaluation of end-user application security from a usability perspective”, Proceedings of 5th Annual ISOneWorld Conference and Convention, Las Vegas, USA, 19-21 April 2006.

Authored / Edited books

[1] Furnell, S. and Dowland, P. 2010. Email Security: A Pocket Guide. IT Governance Publishing. ISBN 9781849280969. 108pp.
[2] Furnell, S.M. and Dowland, P.S. 2010. Proceedings of the 11th IFIP TC 11.1 Working Conference on Information Security Management, International Federation for Information Processing, ISBN 978-3-901882-31-9, 127pp.
[3] Bleimann, U.G., Dowland, P.S., Furnell, S.M. and Schneider, O. 2010. Proceedings of the Eighth International Network Conference (INC 2010), University of Plymouth, ISBN 978-1-84102-259-8, 412pp.
[4] Clarke, N.L, Furnell, S.M and von Solms, R. 2010. Proceedings of the South African Information Security Multi-Conference (SAISMC 2010), University of Plymouth, ISBN 978-1-84102-256-7, 291pp.
[5] Bleimann, U, Dowland, P.S, Furnell, S.M. and Grout, V.M. 2009. Proceedings of the Fifth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2009), University of Plymouth, ISBN 978-1-84102-236-9, 223pp.
[6] Furnell, S.M. 2009. Mobile Security: A Pocket Guide. IT Governance Publishing. ISBN 1-84928-020-7. 77pp.
[7] Furnell, S.M. and Clarke, N.L.. 2009. Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009). University of Plymouth. ISBN 978-1-84102-231-4. 147pp.
[8] Dowland, P.S and Furnell, S.M. 2008. Advances in Communications, Computing, Networks and Security 5, University of Plymouth, ISBN 978-1-84102-257-4, 323pp.
[9] Lacohee, H., Cofta, P., Phippen, A. and Furnell, S. 2008. Trust and Engagement in ICT Mediated Services: Understanding Public Perceptions, Professional Education International (PEI), Chicago, Illinois. ISBN 978-1931695954. 350pp.
[10] Furnell, S., Katsikas, S.K. and Lioy, A. 2008. Trust, Privacy and Security in Digital Business. LNCS 5185, Springer. ISBN 978-3-540-85734-1. 205pp.
[11] Clarke, N.L and Furnell, S.M. 2008. Proceedings of the Second International Symposium on Human Aspects of Information Security & Assurance (HAISA 2008), University of Plymouth. ISBN 978-1-84102-189-8. 151pp.
[12] Dowland, P.S. and Furnell, S.M. 2008. Proceedings of the 7th International Network Conference (INC 2008), University of Plymouth, ISBN: 978-1-84102-188-1, 289pp.
[13] Furnell, S.M., Katsikas, S.K., Lopez, J and Patel, A. 2008. Securing Information and Communications Systems: Principles, Technologies, and Applications. Artech House, ISBN 978-1-59693-228-9. 289pp.
[14] Dowland, P.S. and Furnell, S.M. 2007. Advances in Networks, Computing and Communications 4. University of Plymouth. ISBN: 978-1-84102-180-5. 304pp.
[15] Furnell, S.M. and Clarke, N.L. 2007. Proceedings of the International Symposium on Human Aspects of Information Security & Assurance (HAISA 2007), University of Plymouth. ISBN 978 1 8410 2174 4. 170pp.
[16] Bleimann, U., Dowland, P.S. and Furnell, S.M. 2007. Proceedings of the Third Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2007), University of Plymouth, ISBN: 978-1-8410-2173-7. 273pp.
[17] Dowland, P.S. and Furnell, S.M. 2006. Advances in Networks, Computing and Communications 3. University of Plymouth. ISBN: 978-1-8410-2179-9. 277pp.
[18] Fischer-Hübner, S., Furnell, S. and Lambrinoudakis, C. 2006. Trust, Privacy, and Security in Digital Business. LNCS 4083, Springer. ISBN 0302-9743. 246pp.
[19] Furnell, S.M. and Dowland, P.S. 2006. Proceedings of the Sixth International Network Conference (INC 2006). University of Plymouth. ISBN 1-84102-157-1. 418pp.
[20] Furnell, S.M. 2006. ΚΥΒΕΡΝΟΕΓΚΛΗΜΑ. ΠΑΠΑΖΗΣΗΣ. ISBN: 9600219400. 397pp.

Chapters in books

[1] Magklaras, G. and Furnell, S. 2010. "Insider Threat Specification as a Threat Mitigation Technique", in Insider Threats in Cyber Security, C.W.Probst, J.Hunker and D.Gollmann (Eds.), Springer.
[2] Furnell, S. 2009. “Hackers, viruses and malicious software”, in Handbook of Internet Crime, Y.Jewkes and M.Yar (Eds.), Willan Publishing, UK, pp173-193.
[3] Furnell, S. 2008. “Cybercrime in Society”, in Connected Minds, Emerging Cultures: Cybercultures in Online Learning, S.Wheeler (Ed), Information Age Publishing, Charlotte, NC.
[4] Furnell, S. 2008. “Securing the Human Factor”, in Trust and Engagement in ICT Mediated Services: Understanding Public Perceptions, H.Lacohee, P.Cofta, A.Phippen and S.Furnell (Eds), Professional Education International (PEI), Chicago, Illinois.
[5] Furnell, S.M. 2008. “Security usability challenges for end-users”, in Social and Human Elements of Information Security: Emerging Trends and Countermeasures. M.Gupta and R.Sharman (Eds). Information Science Reference, Hershey PA, pp196-219.
[6] Clarke, N.L., Dowland, P.S. and Furnell, S.M. 2008. “User Authentication Technologies”, in Securing Information and Communications Systems: Principles, Technologies, and Applications. S.M.Furnell, S.K.Katsikas, J.Lopez and A.Patel (Eds), Artech House, pp35-59.
[7] Dowland, P.S. and Furnell, S.M. 2008. “Security Concepts, Services, and Threats”, in Securing Information and Communications Systems: Principles, Technologies, and Applications. S.M.Furnell, S.K.Katsikas, J.Lopez and A.Patel (Eds), Artech House, pp5-20.
[8] Furnell, S.M. and Ward, J. 2006. “Malware: An Evolving Threat", in Digital Crime and Forensic Science in Cyberspace. P.Kanellis, E.Kiountouzis, N.Kolokotronis and D.Martakos (Eds). Idea Group Publishing, Hershey PA: pp28-54.
[9] Furnell, S.M. 2006. “E-Commerce Security”, in Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues. M.Warkentin and R.Vaughn (Eds). Idea Group Publishing, Hershey PA: pp131-149.

Other published output

[1] S.Furnell. 2009. “Security, Trust and Privacy in Online Systems: Introduction to Special Edition”, Methodological Innovations, vol. 4, no. 3, pp1-2.
[2] D.Gritzalis and S.Furnell. 2009. “Editorial”, Computers & Security, vol. 28, no. 7, pp491-492
[3] S.Furnell. 2009. “The Mobile Mismatch – Power without Protection?”, eBritain, issue 4, Spring 2009, pp10-13.
[4] S.Furnell. 2008. “NHS IT infected – how dangerous could that be?”, Public Service, 18 December 2008. http://www.publicservice.co.uk/feature_story.asp?id=11111.
[5] A.Phippen, S.Furnell and B.Richardson. 2008. “Sowing the seeds of eSafety”, BCS security portal, November 2008.
[6] S.Furnell. 2008. “Avoiding the phishing hook”, eBritain, issue 3, Autumn 2008. pp30-32.
[7] M.Papadaki, S.M.Furnell and R.C.Dodge. 2008. Social Engineering – Exploiting the Weakest Links. Whitepaper, European Network & Information Security Agency (ENISA), October 2008.
[8] S.Furnell, M.Papadaki and R.Dodge. 2008. “An Interview with... Kevin Mitnick. Social Engineering: No Silver Bullets “, ENISA Quarterly Review, Vol. 4, No. 3, Jul-Sept 2008, pp23-24.
[9] A.Phippen and S.Furnell. 2007. “Raising a generation at risk?”, BCS security portal, March 2007.
[10] S.Furnell. 2007. “IFIP workshop – information security culture”, Guest Editorial, Computers & Security, vol. 26, no.1, p35.
[11] S.Furnell. 2007. “The Sixth International Network Conference (INC 2006)”, Guest Editorial, Internet Research, vol. 17, no. 1, pp5-6.
[12] S.Furnell. 2006. “Usability Challenge – Can End-users Use Security?”, in Information Security 2006, Touch Briefings, pp8-10.
[13] S.M.Furnell. 2006. “Continuous user identify verification using keystroke analysis”, in Proceedings of BCS SGAI Symposium/Colloquium on Intelligence in Security and Forensic Computing, Edinburgh, 3 April 2006 (Invited paper).

Reports & invited lectures

Invited Lectures, Panels and Keynotes

“21st Century Threats Facing End-Users”, Keynote presentation, Information Security South Africa (ISSA) 2011, Johannesburg, South Africa, 15 August 2011.
“Are We High In The Clouds?”, Panel session, Kaspersky Lab International Cup 2011, Munich, Germany, 15 April 2011.
“Beyond Security Awareness: Achieving culture and avoiding fatigue”, Keynote presentation, Security Forum 2011, Hagenberg, Austria, 6 April 2011.
“Usable Security: Can it be too easy?”, University of Kent, 22 March 2011. ]
“Single Sign On: Convenience or Risk?”, Invited Online Panel, BrightTALK Web 2.0 Security Summit, 16 March 2011.
“Preparing for the future Internet: IT-Security in a connected world”, Panel session, Kaspersky Lab Asia Pacific & MEA Cup 2011, Shah Alam, Selangor, Malaysia, 5 March 2011.
“Meeting new demands for user authentication”, Invited webcast, BrightTALK Authentication Summit, 7 October 2010.
“Getting tricky: The many faces of social engineering”, Symposium on Security and Cybercrime: Vision and Foresight, Edinburgh, UK, 25 June 2010.
“Security and Usability: Where technology meets the people”, Khalifa University of Science, Technology and Research, Sharjah, UAE, 14 June 2010.
“The threat on the net: Attacking technology and those who need”, Invited Speaker, Critical National Infrastructure Protection Workshop (CNIP2010), Mumbai, India, 15 May 2010.
“Online identity and authentication: The varying degree of being me”, Invited webcast, BrightTALK Identity and Access Management Summit, 6 May 2010.
“Essential Mobile Data Security: Keeping data safe and accessible for mobile workers”, Invited Speaker, Public Sector Mobile and Flexible Working: Achieving Real Efficiencies, Birmingham, UK, 25 February 2010.
“The Irreversible March of Technology”, Invited Speaker, Human Factors in Information Security Conference, London, UK, 23 February 2010.
“Securing mobile devices: Concepts, policies and technologies”, Middlesex University, 29 January 2010.
“Usability of Security”, University of Piraeus, Greece, 18 December 2009.
“Protecting your network from portable devices”, Invited webcast, BrightTALK Endpoint Security Summit,8 December 2009.
“Are we really Managing the Threat“, Expert Panel, 2009SECAU Security Congress, Perth, Western Australia, 3 December 2009.
"Going, going, gone? The challenges of mobile security", Invited Speaker, International Conference on Information Security and Digital Forensics 2009, City University, London, 8 September 2009.
“Global Cyber Threats”, Invited seminar, University College London, 22 June 2009.
“Protected or Perplexed? The challenge of usable security”, Invited talk, IT-security for the new generation, Kaspersky Lab, Moscow, 29 April 2009.
“Effective Peer Strategies”, Invited speaker, Safeguarding Cyberworld Conference, Plymouth, UK, 10 February 2009.
“Enhancing User Authentication for Mobile Devices“, Invited talk, INDIA-SIM 2009, Bangalore, India, 22-23 January 2009.
“Social Engineering: Exploiting the Weakest Links”, University of Portsmouth, 16 January 2009.
“Web 3.0: Third time lucky for e-Safety and Security”, Invited speaker, South West Grid for Learning eSafety Conferences, Torquay, Bristol and Bournemouth, 25-27 November 2008.
“Cybercrime: Hackers, Malware and other online threats”, Keynote Lecture, IT-Speicher, Regensburg, Germany, 24 July 2008.
“Securing the end-user: What they know and what they do”, Keynote Lecture, Third International Conference on Usability Engineering, University of Oviedo, Spain, 20 May 2008.
“Cybercrime: A Clear and Present Danger”, University of Exeter, 13 May 2008.
“Keystroke dynamics: An authentication enhancement for mobile devices”, Gjøvik University College, Gjøvik, Norway, 31 January 2008.
“Combating Identity Theft: Recognising contributors to the problem”, Invited speaker, Net Focus UK 2007, Southampton, 2 October 2007.
“How Do You Secure Mobile Devices in a World Where Data Leakage is Pervasive”, Invited workshop moderator, Net Focus UK 2007, Southampton, 2 October 2007.
“Cybercrime: The continuing threat”, University of Exeter, 18 May 2007.
“Are You Even Remotely Secure? The Mobile Device Dilemma”, Keynote Panel presentation, Infosecurity Europe 2007, Olympia, London, 25 April 2007.
“Usability Challenge - Why users can’t use security”, Aston University, 1 November 2006.
“Managing the security of information assets”, Managing Information Throughout the Organisation Conference, Guernsey, 13 September 2006.
Invited panellist, Security Panel. Mobility Summit 2006, London, 4 July 2006.
“Protected or confused: Assessing whether end-users can understand and use security”, Invited speaker, End Point Security 2006, London, 28 June 2006.
“Cybercrime and investigation”, University of Exeter, 10 May 2006.
“Mitigating the Enemy Within”, Keynote Panel presentation, Infosecurity Europe 2006, Olympia, London, 25 April 2006.
“Continuous user identify verification using keystroke analysis”, BCS SGAI Symposium/Colloquium on Intelligence in Security and Forensic Computing, Edinburgh, 3 April 2006.
“The Challenge of Usable IT Security”, Keynote presentation, Usability Engineering, University of Oviedo, Spain, 23-24 March 2006.
"The way forward - Where to from here?", Expert Panel, 1st Colloquium for Information Systems Security Education - Asia Pacific, Adelaide, Australia, 22 November 2005.
"Hitting easy targets: The Internet threats facing end-users", University of Malaga, Spain, 28 October 2005.
“Internet insecurity: Who's trying to spoil your day today?”, Keynote presentation at ITA 2005 - International conference on Internet Technologies and Applications, Wrexham, North Wales, 8 September 2005.
“Fostering the usability of information security solutions“, APEC-OECD Workshop on the Security of Information Systems and Networks, Seoul, Korea, 6 September 2005.
"Educating And Raising Awareness Of Governance Company Wide", Keynote Panel, Infosecurity Europe 2005, Olympia, London, 26 April 2005.
"Get patched or get punched: Plugging the security holes before the attackers hit you", Northampton BCS, 8 March 2005.
"The requirements and challenges of automated intrusion response", University of Birmingham, 20 January 2005.
"Enemies within? : Managing the problem of insider attacks and misuse", Keynote presentation at InfoSec 2004, Fremantle, Western Australia, 26th November 2004"
"Cyber Parasites: The ongoing march of malware", Australian Institute of Professional Intelligence Officers, Perth, Western Australia, 19th November 2004.
"Malware Evolution: The arrival of the true computer parasite?", University of Wales, 3 November 2004.
"Biometric user authentication using keystroke dynamics", University of Bristol, 2 November 2004.
"Cyber Threats: What are the issues and who sets the agenda?", 5th International Relations Conference, The Hague, The Netherlands, 9-11 September 2004.
"The Darker Side of Innovation", Expert Panel, 7th Working Conference on IT Innovation for Adaptability and Competitiveness, Leixlip, Ireland, 30 May-2 June 2004.
"E-commerce Security: Getting Consumers to Trust the Net", Keynote Presentation, IV Jornadas Internacionales sobre comercio electronico, Oviedo, Spain, 25-27 November 2003.
"Cybercrime", Keynote Presentation, International Conference on Web Engineering (ICWE'03), Oviedo, Spain, 16-18 July 2003.
"Insider IT Misuse", Interpol IT Crime Forum, The Hague, 21 May 2003.
"Cybercrime", Faculty Research Seminar, Middlesex University, 26 March 2003.
"Cybercrime Expert Panel", SecurIT Summit, Montreux, Switzerland, 19-21 October 2002.
"Security requirements for online distance learning", ELATnet modules for multimedia netbased teaching International Workshop, Munich, Germany, 18-20 September 2002.
"Mobile Security Biometrics", Global Information Society Forum.31, Tokyo, Japan, 23 May 2002.
"Cybercrime: Vandalising the Information Society", Guest lecture, Middlesex University, 23 April 2002.
"User Authentication Methods for Mobile Systems", Managing the Mobile Workforce, The Open Group Conference, Paris, France, 9 April 2002.
"Security issues in Online Distance Learning", JCALT Workshop on Security in Virtual Learning Environments, South Bank University, UK. 23 October 2000.
"E-commerce: Consumer security fears and expectations", British Computer Society – South West Branch, University of Plymouth, UK. 11 April 2000.
"Realising Security Policy within the Healthcare Environment", University of Cambridge, UK. 3 December 1998.
"Computer Abuse: Vandalising the Information Society", British Computer Society – South West Branch, University of Plymouth, UK. 21 January 1997.

Invited participation in short courses

Fourteenth European Intensive Programme on Information & Communications Security (IPICS 2011), Ionian University, Greece, August 2011.
Thirteenth European Intensive Programme on Information & Communications Security (IPICS 10), Technical University of the Aegean, Greece, July 2010.
Twelfth European Intensive Programme on Information & Communications Security (IPICS 09), Technical University of Vienna, Austria, July 2009.
Eleventh European Intensive Programme on Information & Communications Security (IPICS 08), University of Regensburg, Germany, July 2008.
European Intensive Programme on Information & Communication Technologies Security (IPICS ‘2008) – Ninth Winter School, Rovaniemi, Finland, March 2008.
Tenth European Intensive Programme on Information & Communications Security (IPICS 07), University of Glamorgan, Wales, July 2007.
Eighth European Intensive Programme on Information & Communications Security (IPICS 05), Chios, Greece, July 2005.
European Intensive Programme on Information & Communication Technologies Security (IPICS ‘2005) – Sixth Winter School, Oulu, Finland, 30 March-7 April 2005.
Seventh European Intensive Programme on Information & Communications Security (IPICS 04), Graz, Austria, July 2004.
European Intensive Programme on Information & Communication Technologies Security (IPICS ‘2004) – Fifth Winter School, Oulu, Finland, 30 March-7 April 2004.
Sixth European Intensive Programme on Information & Communications Security (IPICS 03), Malaga, Spain, July 2003.
European Intensive Programme on Information & Communication Technologies Security (IPICS ‘2003) – Fourth Winter School, Oulu, Finland, 8-16 April 2003.
Fifth European Intensive Programme on Information & Communications Security (IPICS 2002), Samos, Greece, 8-19 July 2002.
Fourth European Intensive Programme on Information & Communications Security (IPICS 2001), Samos, Greece, 20-31 August 2001.
Second European Intensive Programme on Information & Communications Security (IPICS 99), Chios, Greece, 8-20 August 1999.

Conferences organised

As Conference Organiser

In progress

International Chair, 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011), Abu Dhabi, UAE, 11-14 December 2011.
Programme Co-chair, 27th IFIP International Information Security and Privacy Conference (SEC 2012), Crete, Greece, 4-6 June 2012.

Completed

Co-organiser, International Network Conference (INC ’98), Plymouth, UK, 7-9 July 1998.
Chair, International Network Conference 2000 (INC 2000), Plymouth, UK, 3-6 July 2000.
Chair, International Network Conference 2002 (INC 2002), Plymouth, UK, 16-18 July 2002.
Chair, EUROMEDIA 2003, Plymouth, UK, 14-16 April 2003.
Co-chair, Second European Conference on Information Warfare and Security, University of Reading, United Kingdom, 30 June - 1 July 2003.
Co-chair, The 3rd Security Conference, Las Vegas, Nevada, 14-15 April 2004.
Chair, International Network Conference 2004 (INC 2004), Plymouth, UK, 6-9 July 2004.
Co-chair, The 4th Security Conference, Las Vegas, Nevada, 30-31 March 2005.
Co-chair, International Network Conference 2005 (INC 2005), Samos, Greece, 5-7 July 2005.
Co-Chair, IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems, Fairfax, Virginia, 1-2 December 2005.
Co-chair, The 5th Annual Security Conference, Las Vegas, Nevada, 19-20 April 2006.
Co-chair, IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on Security Culture, Karlstad, Sweden, 22 May 2006.
Chair, International Network Conference 2006 (INC 2006), Plymouth, UK, 11-14 July 2006.
Co-chair, 3rd International Conference on Trust, Privacy, and Security of Digital Business (TrustBus’06), Krakov, Poland, 4-8 September 2006.
Co-chair, The 6th Annual Security Conference, Las Vegas, Nevada, 11-12 April 2007.
Co-chair, IFIP TC-11 WG 11.1 & WG 11.8 Joint Workshop on Information Security, Sandton, South Africa, 15 May 2007.
Co-chair, International Symposium on Human Aspects of Information Security and Assurance (HAISA 2007), Plymouth, UK, 10 July 2007.
Co-chair, The 7th Annual Security Conference, Las Vegas, Nevada,2-3 June 2008.
Chair, 7th European Conference on Information Warfare and Security, Plymouth, United Kingdom, 30 June - 1 July 2008.
Chair, International Network Conference 2008 (INC 2008), Plymouth, UK, 8-10 July 2008.
Co-chair, Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), Plymouth, UK, 8-9 July 2008.
Co-chair, 5th International Conference on Trust, Privacy, and Security of Digital Business (TrustBus’08), Turin, Italy, 4-5 September 2008.
Co-chair, 11th Annual Working Conference on Information Security Management, Richmond, Virginia, 16-18 October 2008.
Co-chair, The 8th Annual Security Conference, Las Vegas, Nevada, 15-16 April 2009.
Co-chair, Third International Symposium on Human Aspects of Information Security and Assurance (HAISA 2009), Athens, Greece, 25-26 June 2009.
Co-chair, The 9th Annual Security Conference, Las Vegas, Nevada,7-8 April 2010.
Co-chair, South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, 17-18 May 2010.
Co-chair, Eighth International Network Conference (INC 2010), 6-8 July, Heidelberg, Germany.
Co-chair, The 10th Annual Security Conference, Las Vegas, Nevada,4-6 May 2011.
Co-chair, Fifth International Symposium on Human Aspects of Information Security and Assurance (HAISA 2011), London, UK, 7-8 July 2011.
Co-chair, 8th International Conference on Trust, Privacy & Security in Digital Business (TrustBus’11), Toulouse, France, 29 Aug – 2 Sept 2011.
Local Chair, SecureComm 2011 - 7th International ICST Conference on Security and Privacy in Communications Network, London, UK, 7-9 September 2011.

As Committee member, Reviewer, etc.

Referee and Session Chairman, EUROMEDIA 98, Leicester, UK, 5-7 January 1998.
Referee, Healthcare Computing 99, Harrogate, UK, 22-24 March 1999
Programme Committee, EUROMEDIA 99, Munich, Germany, 25-28 April 1999.
Programme Committee, 2nd International Workshop on Innovative Internet Information Systems (IIIS’99), Copenhagen, Denmark, 21-22 June 1999
Referee, Healthcare Computing 2000, Harrogate, UK, 20-22 March 2000
Programme Committee, EUROMEDIA 2000, Antwerp, Belgium, 8-10 May 2000
Workshop Committee, 1st Australian Information Security Management Workshop, Geelong, Australia, 7 November 2000.
Referee, Healthcare Computing 2001, Harrogate, UK, 19–21 March, 2001.
Programme Committee, EUROMEDIA 2001, Valencia, Spain, 19-10 April 2001.
Reviewer, 8th Annual Working Conference on Information Security Management & Small Systems Security, Las Vegas, USA, 27-28 September 2001.
Reviewer, 2nd International Information Warfare and Security Conference, Perth, Western Australia, 29-30 November 2001.
Programme Committee, EUROMEDIA 2002, Modena, Italy, 14-16 April 2002.
Conference Committee, European Conference on Information Warfare and Security, Brunel University, United Kingdom, 8-9 July 2002.
Session Chair, 3rd Australian Information Warfare & Security Conference 2002, Perth, Australia, 28-29 November 2002.
Programme Committee, 18th IFIP International Information Security Conference (IFIP SEC 2003), Athens, Greece, 26-28 May 2003.
Programme Committee, IFIP WG11.1 9th Annual Working Conference on Information Security Management, Athens, Greece, 27 May 2003.
Programme Committee, Third World Conference on Information Security Education (WISE 3), Monterey California, USA, 26-28 June 2003.
Reviewer, 3rd Annual Information Security South Africa (ISSA) conference, Sandton, Gauteng, 9-11 July 2003.
Programme Committee, International Conference on Web Engineering (ICWE'03), Oviedo, Spain, 16-18 July 2003.
Programme Committee, Seventh IFIP Communications and Multimedia Security conference (CMS 2003), Turin, Italy, 2-3 October 2003.
Programme Committee, 1st Australian Computer, Network & Information Forensics Conference, Perth, Australia, 24-28 November 2003.
Programme Committee, 1st Australian Information Security Management Conference, Perth, Australia, 24-28 November 2003.
Programme Committee, Information & Communication Technology (ICICT'03), Cairo, Egypt, 30 November-2 December 2003.
Scientific Committee, Sciences of Electronic Technologies, Information and Telecommunications (SETIT) 2004, Susa, Tunisia, 15-20 March 2004.
Associate Editor, ISOneWorld Conference & Convention, Las Vegas, Nevada, 14-16 April 200
Programme Committee, EUROMEDIA 2004, Hasselt, Belgium, 19-21 April 2004.
Programme Committee, 1st European PKI Workshop: Research and Applications, Samos, Greece, 25-26 June 2004.
Conference Executive, 3rd European Conference on Information Warfare and Security, Royal Holloway, University of London, United Kingdom, 28-29 June 2004.
Programme Committee, 4th Annual Information Security South Africa (ISSA) Conference, Gauteng Region (Johannesburg), South Africa, 1 – 3 July 2004
Programme Committee, 18th IFIP International Information Security Conference (IFIP SEC 2004), Toulouse, France, August 2004
International Programme Committee, Trust and Privacy in Digital Business (TrustBus´04), Zaragoza, Spain, 1-5 September 2004.
Reviewer, 5th Australian Information Warfare & Security Conference, Perth, Western Australia, 25-26 November 2004.
Reviewer, IEEE Wireless Communications and Networking Conference (WCNC) 2005, New Orleans, USA, 13-17 March 2005.
Scientific Committee, Sciences of Electronic Technologies, Information and Telecommunications (SETIT) 2004, Susa, Tunisia, 27-31 March 2005.
Programme Committee, EUROMEDIA 2005, Toulouse, France, 11-13 April 2005.
Programme Committee, 14th EICAR Annual Conference, St Julians, Malta, 30 April – 3 May 2005.
Programme Committee, Fourth World Conference on Information Security Education (WISE 4), Moscow, Russia, 18-20 May 2005.
Reviewer, Workshop on Security In Information Systems (WOSIS-2005), Miami Beach, Florida, USA, 24-25 May 2005.
Programme Committee, 20th IFIP International Information Security Conference (IFIP SEC 2005), Chiba, Japan, 30 May-1 June 2005.
Programme Committee, Second SIG SIDAR Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA 2005), Vienna, Austria, 7–8 July 2005.
Programme Committee, 5th Annual Information Security South Africa (ISSA) Conference, Gauteng Region (Johannesburg), South Africa, 29 June – 1 July 2005.
Programme Committee, Second European PKI Workshop, Kent, UK, 30 June – 1 July 2005.
Conference Executive, Fourth European Conference on Information Warfare and Security, Glamorgan, South Wales, 11-12 July 2005
Programme Committee, TrustBus'05, Copenhagen, Denmark, 22-26 August 2005
Programme Committee, International Conference on Internet Technologies and Applications (ITA 05), Wrexham, North Wales, 7-9 September 2005
Programme Committee, International Conference on E-business and Telecommunication Networks, Reading, UK, 3-7 October 2005.
Programme Committee, Third IASTED International Conference on Communications and Computer Networks (CCN 2005), Marina del Rey, California, USA, 24-26 October 2005.
Programme Committee, 3rd Latin American Web Congress, Buenos Aires, Argentina, 31 October – 2 November 2005.
Programme Committee, IASTED International Conference on Communications, Internet and Information Technology (CIIT 2005), Cambridge, USA, 31 October – November 2005.
Reviewer, 6th Australian Information Warfare and Security Conference, Geelong, Victoria, Australia, 24-25 November 2005.
Programme Committee, 1st European Conference on Computer Network Defence (EC2ND), Glamorgan, South Wales, 15-16 December 2005.
Reviewer, 5th IEEE International Symposium on Signal Processing and Information Technology (ISSPIT 2005), Athens, Greece, 18-21 December 2005.
Programme Committee, EUROMEDIA 2006, Athens, Greece, April 2006.
Programme Committee, IEEE 20th International Conference on Advanced Information Networking and Applications (AINA2006), Vienna, Austria, 18-20 April 2006.
Programme Committee, First International Conference on Availability, Reliability and Security (AReS) ARES 2006 - "The International Dependability Conference", Vienna, Austria, 20-22 April 2006.
Programme Committee, 15th EICAR Annual Conference, Hamburg, Germany, 29 April – 2 May 2006.
Programme Committee, Second IEEE International Conference DFMA 06 (Distributed framework for Multimedia Applications), Penang, 14-17 May 2006.
Programme Committee, 21st IFIP International Information Security Conference (IFIP SEC 2006), Karlstad, Sweden, 22-24 May 2006
Programme Committee, Fourth International Workshop on Security In Information Systems (WOSIS-2006), Paphos, Cyprus, May 2006.
Conference Executive, Fifth European Conference on Information Warfare and Security, Helsinki, Finland, 1-2 June 2006.
Programme Committee, 7th Annual IEEE Information Assurance Workshop, United States Military Academy, West Point, New York, 21-23 June 2006.
Programme Committee, International Symposium on Performance Evaluation and Modelling of Wireless Networks (PEMWN06), Toronto, Canada, June/July 2006.
Programme Committee, Communication Systems and Applications (CSA 2006), Banff, Canada, 3-5 July 2006.
Programme Committee, 1st Conference on Advances in Computer Security and Forensics (ACSF), Liverpool, 13-14 July 2006.
Programme Committee, SECRYPT 2006, Setϊbal, Portugal, 7-10 August 2006.
Programme Committee, 9th Information Security Conference (ISC 06), Samos Island, Greece, 30 August 30 – 2 September 2006.
Programme Committee, 1st International Workshop on Critical Information Infrastructures Security (CRITIS'06), Samos Island, Greece, 30 August – 2 September 2006.
Programme Committee, 5th International Conference on Entertainment Computing (ICEC 2006), Cambridge, UK, 20-22 September 2006.
Programme Committee, IASTED International Conference on Communications and Computer Networks (CCN 2006), Lima, Peru, 4-6 October 2006
Programme Committee, First International Workshop on Security (IWSEC2006), Kyoto, Japan, 23-24 October 2006.
Programme Committee, 4th Latin American Web Congress (LA-Web 2006), Puebla, Mexico, 25-27 October 2006.
Technical Programme Committee, First International Workshop on Information Security (IS'06), Montpellier, France, 29 October – 3 November 2006.
Programme Committee, 8th International Symposium on System and Information Security (SSI´2006), Sao Jose dos Campos, Sao Paulo, Brazil, 8-10 November 2006.
Programme Committee, Fifth IASTED International Conference on Communications, Internet and Information Technology (CIIT 2006), St Thomas, US Virgin Islands, 29 November – 1 December 2006.
Programme Committee. IADIS e-commerce 2006, Barcelona, Spain, 9-11 December 2006.
Programme Committee. 2nd European Conference on Computer Network Defence (EC2ND), Glamorgan, UK. 14-15 December 2006.
Programme Committee, 2nd IEEE International Conference on Signal Image Technology & Internet Based Systems - Track II - Web-based Information Technologies and Distributed Systems, Hammamet, Tunisia, 17-21 December 2006.
Programme Committee, The Second International Conference on Availability, Reliability and Security (AReS 2007), Vienna, Austria, 10-13 April 2007.
Programme Committee, First International Workshop on Spoofing, Digital Forensics and Open Source Tools (SDFOST), Vienna, Austria, 10-13 April 2007.
Programme Committee, ISOneWorld 2007 Conference and Convention, Las Vegas, Nevada, USA, 11-13 April 2007.
Programme Committee, EUROMEDIA 2007, April 2007, Delft, The Netherlands.
Programme Committee, 2007 International Conference on New Technologies, Mobility and Security (NTMS2007), Beirut, Lebanon, 30 April- 3 May 2007.
Programme Committee, 22nd IFIP International Information Security Conference (IFIP SEC 2007), Sandton, South Africa, 14-16 May 2007.
Programme Committee, 16th EICAR Annual Conference, 2007.
Programme Committee, 2007 Information Resources Management Association (IRMA) International Conference, Vancouver, Canada, 19-23 May 2007.
Programme Committee, 2nd International Conference on Information Science and Security, Seoul, South Korea, 23-26 May 2007.
Programme Committee, IASTED International Conference on Wireless and Optical Communications (WOC 2007), Montreal, Canada, 30 May - 1 June 2007.
Programme Committee, Fifth International Workshop on Security In Information Systems (WOSIS 2007), Madeira, Portugal, June 2007.
Conference Executive, 6th European Conference on Information Warfare and Security, Shrivenham, UK, 2-3 July 2007.
Programme Committee, Fifth IASTED International Conference on Communications, Internet, and Information Technology (CIIT 2007), Banff, Canada, 2-4 July 2007.
Programme Committee, 2nd Conference on Advances in Computer Security and Forensics (ACSF), Liverpool, UK, 12-13 July 2007.
Programme Committee, SECRYPT 2007, Barcelona, Spain 28-31 July 2007.
Programme Committee, 2nd Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2007), Samos, Greece, 27-28 August 2007.
Programme Committee, Third International Security Symposium on Information Assurance and Security (IAS07), Manchester, UK, 29-30 August 2007.
Program Committee, 4th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'07), Regensburg, Germany, 3-7 September 2007.
Programme Committee, Second International Conference on Internet Technologies and Applications (ITA 07), Wrexham, North Wales, 4-7 September 2007.
Programme Committee, IFIP 6th International Conference on Entertainment Computing (ICEC 2007), Shanghai Jiao Tong University, Shanghai, P. R. China, 20-22 September 2007.
Programme Committee, Second International Workshop on Security (IWSEC 2007), Nara, Japan, October 2007.
Program Committee, IASTED International Conference on Communication Systems, Networks and Applications (CSNA 2007), Beijing, China, 8-10 October 2007.
Programme Committee, International Symposium on Information Security (IS'2007), Spain, 28 October - 2 November 2007.
Programme Committee, Workshop on Authentication and Identification Techniques (WAIT), Oslo, Norway, 19 November 2007.
Programme Committee, IADIS e-commerce 2006, Algarve, Portugal, 7-9 December 2007.
Programme Committee, 4th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications (DRM 2008), Las Vegas, USA, 12 January 2008.
Programme Committee, Third International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Spain, 4-7 March 2008.
Programme Committee, 6th International Workshop on Security in Information Systems (WOSIS 2008), Barcelona, Spain, 12-13 June 2008.
Review Committee, Information Security South Africa 2008 (ISSA 2008), University of Johannesburg, Gauteng, South Africa, 7-9 July 2008.
Programme Committee, 3rd Advances in Computer Security and Forensics (ACSF) conference, Liverpool, UK, 10-11 July 2008.
Programme Committee, IADIS International Conference e-Commerce 2008, Amsterdam, Netherlands, 25-27 July 2008.
Programme Committee, SECRYPT 2008, 26-29 July, Porto, Portugal. [112] Reviewer, UK Systems Society International Conference 2008, Oxford, UK, 1-3 September 2008.
Programme Committee, 23rd International Information Security Conference (SEC 2008), Milan, Italy, 8-10 September 2008.
Programme Committee, 4th International Conference on Information Assurance and Security (IAS 2008), Naples, Italy, 8-10 September 2008.
Programme Committee, 7th International Conference on Entertainment Computing (ICEC 2008), Pittsburgh, USA, 25-27 September 2008.
Programme Committee, Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2008), Wilderness, Garden Route, South Africa, 6-8 October 2008.
Programme Committee, 3rd Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2008), Malaga, Spain, 9 October 2008.
Programme Committee, International Workshop on War & Peace Driving: Wireless Security and Public Uptake, Avignon, France, 12 October 2008.
Programme Committee, 10th International Conference on Information and Communications Security (ICICS 2008), Birmingham, UK, 20-22 October 2008.
Programme Committee, LA-WEB 2008 - 6th Latin American Web Congress, Vila Velha, Brazil, 28-30 October 2008.
Programme Committee, Third International Workshop on Security (IWSEC 2008), Kagawa, Japan, 25-27 November 2008.
Programme Committee, 5th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications, Las Vegas, Nevada, 13 January 2009.
Programme Committee, The Fourth International Conference on Availability, Reliability and Security (ARES 2009), Fukuoka, Japan, 16-19 March 2009.
Programme Committee, EUROMEDIA 2009, Bruges, Belgium, 15-17 April 2009.
Programme Committee, 7th International Workshop on Security in Information Systems (WOSIS), Milan, Italy, 6-7 May 2009.
Programme Committee, 18th EICAR Annual Conference, Berlin, Germany, 11-12 May 2009.
Programme Committee, 24th IFIP International Information Security Conference (SEC 2009), Pafos, Cyprus, 18-20 May 2009.
Programme Committee, IFIP TC 8 International Workshop on Information Systems Security Research, Cape Town, South Africa, 29-30 May 2009.
Review Panel. 8th Annual Information Security South Africa Conference (ISSA 2009), Johannesburg, South Africa, 6-8 July 2009.
International Programme Committee, SECRYPT 2009, Milan, Italy, 7-10 July 2009.
Programme Committee, Fifth International Conference on Information Assurance and Security (IAS09), Xi'an City, China, 18-20 August 2009.
Programme Committee, 20th International Conference on Database and Expert Systems Applications (DEXA 2009), Linz, Austria, 31 August - 4 September 2009.
Programme Committee, 6th International Conference on Trust, Privacy & Security in Digital Business (TrustBus ’09), Linz, Austria, 31 August - 4 September 2009.
Programme Committee, Third International Conference on Internet Technologies and Applications (ITA09), Wrexham, North Wales, 8-11 September 2009.
Programme Committee, Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2009), Vaal River, South Africa, 13-14 October 2009.
Programme Committee, 3rd International Conference on Network and System Security (NSS 2009), Gold Coast, Australia, 19-21 October 2009.
Programme Committee, 4th International Workshop on Security (IWSEC 2009), Toyama, Japan, 28-30 October 2009.
Programme Committee, FTRG International Workshop on Advances in Cryptography, Security and Applications (ACSA-09), Jeju, Korea, 11-12 December 2009.
Reviewer, International Conference on "Developments in eSystems Engineering" (DeSE '09), Abu Dhabi, United Arab Emirates, 14-16 December 2009.
Technical Programme Committee, 6th IEEE International Workshop on Digital Rights Management (IEEE CCNC DRM 2010), Las Vegas, Nevada, 13 January 2010.
Programme Committee, 19th Annual EICAR Conference, Paris, France, 8-11 May 2010.
Programme Committee, 2nd International Workshop on Managing Insider Security Threats (MIST 2010), Morioka, Iwate, Japan, 14-15 June 2010.
Programme Committee, European Conference on i-Warfare and Security (ECIW 2010), Thessaloniki, Greece, 1-2 July 2010.
Program Committee, International Conference on Security and Cryptography (SECRYPT 2010), Athens, Greece, 26-28 July 2010.
Programme Committee, IADIS International Conference on e-COMMERCE 2010, Freiburg, Germany, 28-30 July 2010.
Programme Committee, 9th Annual Information Security South Africa Conference (ISSA 2010), Johannesburg, South Africa, 2-4 August 2010.
Programme Committee, Sixth International Conference on Information Assurance and Security (IAS 2010), Atlanta, USA, 23-25 August 2010.
Programme Committee, 7th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'10), Bilbao, Spain, 30 August - 3 September 2010.
Programme Committee, 25th IFIP International Information Security Conference (SEC 2010), Brisbane, Australia, 20-23 September 2010.
Programme Committee, 7th European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI’10), Athens, Greece, 23-24 September 2010.
Programme Committee, 2010 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2010), Bela Bela, South Africa, 11-13 October 2010.
Programme Committee, IFIP IDMAN 2010 - 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN’10), Oslo, Norway, 18-19 November 2010.
Programme Committee, 5th International Workshop on Security (IWSEC 2010), Kobe, Japan, 22-24 November 2010.
Programme Committee, FTRG 2010 International Symposium on Advances in Cryptography, Security and Applications for Future Computing (ACSA-10) Seoul, Korea, 9-11 December 2010.
Technical Program Committee, 7th IEEE International Workshop on Digital Rights Management Impact on Consumer Communications (DRM 2011), Las Vegas, Nevada, 9 January 2011.
Technical Program Committee, Second International Conference on Technical and Legal Aspects of the e-Society (CYBERLAWS 2011), Gosier, Guadeloupe, France, 23-28 February 2011.
Programme Committee, 20th Annual EICAR Conference (EICAR 2011), Krems, Austria, 9-10 May 2011.
Programme Committee, 6th Annual Conference Security and Protection of Information (SPI), Brno, Czech Republic, 10-12 May 2011.
Programme Committee, 26th IFIP International Information Security Conference (SEC2011) Lucerne, Switzerland, 7-9 June 2011.
Programme Committee, Eighth Workshop on Security in Information Systems (WOSIS 2011), Beijing, China, 8-11 June 2011.
Programme Committee, International Conference on Security and Cryptography - SECRYPT 2011, Seville, Spain, 18-21 July.
Programme Committee, IADIS International Conference on e-COMMERCE 2011, Rome, Italy, 21-23 July 2011.
Programme Committee, 2nd International Cyber Resilience Conference (ICR2011), Perth, Australia, 1-2 August 2011.
Programme Committee, 10th Annual Information Security South Africa Conference (ISSA 2011), Johannesburg, South Africa, 15-17 August 2011.
Programme Committee, Fourth International Conference on Internet Technologies and Applications (ITA11), Wrexham, North Wales, 6-9 September 2011.
Programme Committee, 6th International Conference on Critical Information Infrastructures Security (CRITIS 2011), Lucerne, Switzerland, 8-9 September 2011.
Programme Committee, 2011 European Intelligence and Security Informatics Conference (EISIC 2011), Athens, Greece, 12-14 September 2011.
Program Committee, 8th European Workshop on PKI, services and applications (EUROPKI 2011), Leuven, Belgium, 15-16 September 2011.
Program Committee, 2011 Annual Conference of the South African Institute of Computer Scientists and Information Technologists (SAICSIT 2011), Cape Town, South Africa, 3-5 October 2011.
Programme Committee, 6th International Workshop on Security (IWSEC 2011), Tokyo, Japan, 8-10 November 2011.
Programme Committee, Fourth International Conference on Developments in E-Systems Engineering (DESE2011), Dubai, UAE, 6-8 December 2011.
Programme Committee, 9th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC2011), Sydney, Australia, 12-14 December 2011.
Program Committee, Third International Conference on Technical and Legal Aspects of the e-Society (CYBERLAWS 2012), Valencia, Spain, 30 January – 4 February 2012.

Links
For further details please visit my research centre pages .