Teodor Sommestad’s publications

Journal papers

Hannes Holm, Teodor Sommestad (accepted). So Long, and Thanks for Only Using Readily Available Scripts, Information & Computer Security.

Teodor Sommestad, Henrik Karlzén, Peter Nilsson, Jonas Hallberg (2016). An empirical test of the perceived relationship between risk and the constituents severity and probability, 194–204, Information & Computer Security, 24 (2).

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg. (2015). A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour. 26–46, International Journal of Information Security and Privacy, 9 (1).

Teodor Sommestad, Fredrik Sandström. (2015). An Empirical Test of the Accuracy of an Attack Graph Analysis Tool, 516–31, Information and Computer Security 23 (5).

Teodor Sommestad, Ulrik Franke (2015). A test of intrusion alert filtering based on network information. 2291-2301, Security and Communication Networks 8(3).

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg (2015). The Sufficiency of the Theory of Planned Behavior for Explaining Information Security Policy Compliance, 200-217, Information Management & Computer Security 23(2).

Teodor Sommestad, Jonas Hallberg, Kristoffer Lundholm, Johan Bengtsson (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies, Information Management & Computer Security 22(1).

Teodor Sommestad, Hannes Holm, Mathias Ekstedt, Nicholas Honeth (2014). Quantifying the effectiveness of intrusion detection systems in operation through domain experts, 3–35, Journal of Information System Security, 10 (2).

Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Nicholas Honeth (2013). Indicators of expert judgment and their significance: an empirical investigation in the area of cyber security, 299-318, Expert Systems 31(4).

Teodor Sommestad, Amund Hunstad (2013). Intrusion detection and the role of the system administrator, 30-40, Information Management & Computer Security 21(1).

Teodor Sommestad, Mathias Ekstedt, Hannes Holm (2013). The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures, 363-373, IEEE Systems Journal 7(3).

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2012). Estimates of success rates of remote arbitrary code execution attacks, 107-122, Information Management & Computer Security 20(2).

Hannes Holm, Teodor Sommestad, Ulrik Franke, Mathias Ekstedt (2012). Success rate of remote code execution attacks – expert assessments and observations, 732-749, Journal of Universal Computer Science 18(6).

Hannes Holm, Teodor Sommestad, Jonas Almroth, Mats Persson (2011). A quantitative evaluation of vulnerability scanning, 231-247, Information Management & Computer Security 19(4).

WR Flores, Teodor Sommestad, Hannes Holm (2011). Assessing Future Value of Investments in Security-Related IT Governance Control Objectives – Surveying IT Professionals, 216-227, The Electronic Journal of Information Systems Evaluation 14(2).

Teodor Sommestad, Mathias Ekstedt, Hannes Holm, Muhammad Afzal (2011). Security mistakes in information system deployment projects, 80-94, Information Management & Computer Security 19(2).

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2010). A probabilistic relational model for security risk analysis, 659-679, Computers & Security 29(6).

Teodor Sommestad, Joakim Lillieskold (2010). Development of an effort estimation model – a case study on delivery projects at a leading IT provider within the electric utility industry, 152, International Journal of Services Technology and Management 13(1/2).

Teodor Sommestad, Mathias Ekstedt, Lars Nordstrom (2009). Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams, 1801-1808, IEEE Transactions on Power Delivery 24(4).

Book sections, conference papers and workshop papers

Hannes Holm, Teodor Sommestad (2016). SVED: Scanning, Vulnerabilities, Exploits and Detection, MILCOM 2016, Baltimore, MD.

Hannes Holm, Teodor Sommestad, and Johan Bengtsson (2015). Requirements Engineering: The Quest for the Dependent Variable, IEEE International Requirements Engineering Conference. Ottawa, Canada.

Teodor Sommestad (2015). Experimentation on operational cyber security in CRATE, NATO STO-MP-IST-133 Specialist Meeting, Copenhagen, Denmark.

Patrik Lif, Teodor Sommestad (2015). Human Factors Related to the Performance of Intrusion Detection Operators, Human Aspects of Information Security, Privacy, and Trust. Lesvos, Greece.

Teodor Sommestad, Henrik Karlzén, Peter Nilsson, Jonas Hallberg (2015). Perceived Information Security Risk as a Function of Probability and Severity, Human Aspects of Information Security, Privacy, and Trust. Lesvos, Greece.

Teodor Sommestad (2015). Social groupings and information security obedience within organizations, International Information Security and Privacy Conference. Hamburg.

Matus Korman, Mathias Ekstedt, Teodor Sommestad, Jonas Hallberg, Johan Bengtsson (2014). Overview of Enterprise Information Needs in Information Security Risk Assessment, IEEE EDOC – “Enterprise Computing Conference”.

Teodor Sommestad, Jonas Hallberg (2013). A review of the theory of planned behaviour in the context of information security policy compliance, International Information Security and Privacy Conference.

Hannes Holm, Mathias Ekstedt, Teodor Sommestad (2013). Effort Estimates on Web Application Vulnerability Discovery, 2013 46th Hawaii International Conference on System Sciences.

Teodor Sommestad, Jonas Hallberg (2012). Cyber security exercises and competitions as a platform for cyber security experiments, NordSec.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2012). Effort Estimates for Vulnerability Discovery Projects, 5564-5573, 45th Hawaii International Conference on System Sciences.

Teodor Sommestad, Amund Hunstad (2012). Intrusion detection and the role of the system administrator, Proceedings of International Symposium on Human Aspects of Information Security & Assurance.

Markus Buschle, Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Khurram Shahzad (2011). A Tool for automatic Enterprise Architecture modeling, 1-15, CAISE'11 Forum.

Teodor Sommestad, Jonas Hallberg (2011). Cyber security exercises as a platform for cyber security experiments, 33, TAMSEC.

Robert Lagerström, Teodor Sommestad, Markus Buschle, Mathias Ekstedt (2011). Enterprise architecture management’s impact on information technology success, Proceedings of the Hawaii International Conference on System Sciences (HICSS-44).

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2011). Estimates of Success Rates of Denial-of-Service Attacks, 21-28, 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Ulrik Franke (2011). Expert assessment on the probability of successful remote code execution attacks, Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011.

Markus Buschle, Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Khurram Shahzad (2011). A Tool for automatic Enterprise Architecture modeling, 1-15, IS Olympics: Information Systems in a Diverse World.

Markus Buschle, Johan Ullberg, Ulrik Franke, Robert Lagerström, Teodor Sommestad (2011). A Tool for Enterprise Architecture Analysis Using the PRM Formalism, 108-121, Information Systems Evolution.

Teodor Sommestad, Mathias Ekstedt, Lars Nordström (2010). A case study applying the Cyber Security Modeling Language, Proceeding of CIGRE (International Council on Large Electric Systems).

Markus Buschle, Johan Ullberg, Ulrik Franke, Robert Lagerström, Teodor Sommestad (2010). A Tool for Enterprise Architecture Analysis using the PRM formalism, Proc. CAiSE Forum 2010.

Fredrik Löf, Johan Stomberg, Teodor Sommestad, Mathias Ekstedt, Jonas Hallberg, Johan Bengtsson (2010). An Approach to Network Security Assessment based on Probabilistic Relational Models, First Workshop on Secure Control Systems (SCS-1).

Teodor Sommestad, G Björkman, Mathias Ekstedt, L Nordström (2010). Information system architectures in electrical distribution utilities, Proceedings of NORDAC.

Teodor Sommestad, GN Ericsson, Jakob Nordlander (2010). SCADA System Cyber Security–A Comparison of Standards, IEEE PES General Meeting.

Per Närman, Teodor Sommestad, Sofia Sandgren, Mathias Ekstedt (2009). A framework for assessing the cost of IT investments, PICMET 2009 Proceedings.

Sabine Buckl, Ulrik Franke, Oliver Holschke, Florian Matthes, Christian M Schweda, Teodor Sommestad, Johan Ullberg (2009). A Pattern-based Approach to Quantitative Enterprise Architecture Analysis, Proc. 15th Americas Conference on Information Systems (AMCIS), San Francisco, USA.

Mathias Ekstedt, Ulrik Franke, Pontus Johnson, Robert Lagerström, Teodor Sommestad, Johan Ullberg, Markus Buschle (2009). A Tool for Enterprise Architecture Analysis of Maintainability, 327-328, Proceedings of the 2009 European Conference on Software Maintenance and Reengineering.

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2009). Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models, 1-10, Proceedings of Hawaii International Conference on System Sciences (HICSS).

Ulrik Franke, Johan Ullberg, Teodor Sommestad, Robert Lagerström, Pontus Johnson (2009). Decision support oriented Enterprise Architecture metamodel management using classification trees, 328-335, 2009 13th Enterprise Distributed Object Computing Conference Workshops.

Mathias Ekstedt, Teodor Sommestad (2009). Enterprise Architecture Models for Cyber Security Analysis, IEEE PES Power Systems Conference & Exhibition (PSCE).

Waldo Rocha Flores, Teodor Sommestad, Pontus Johnson, Mårten Simonsson (2009). Indicators predicting similarities in maturity between processes: An empirical Analysis with 35 European organizations, 1st Annual Pre-ICIS Workshop on Accounting Information Systems.

Erik Johansson, Teodor Sommestad, Mathias Ekstedt (2009). Issues of Cyber Security In Scada-Systems-on the Importance of Awareness, The 20th International Conference on Electricity Distribution (CIRED).

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2008). Combining Defense Graphs and Enterprise Architecture Models for Security Analysis, 349-355, 2008 12th International IEEE Enterprise Distributed Object Computing Conference.

Ulrik Franke, Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2008). Defense Graphs and Enterprise Architecture for Information Assurance Analysis, Proceedings of the 26th Army Science Conference.

Yu Xiaofeng, Teodor Sommestad, Casey Fung, Patrick C. K. Hung (2008). Emergency Response Framework for Aviation XML Services on MANET, Proceedings of the IEEE International Conference on Web Services (ICWS).

Erik Johansson, Teodor Sommestad, Mathias Ekstedt (2008). Security Issues for SCADA Systems within Power Distribution, Nordic Distribution and Asset Management Conference (NORDAC).

J Li, Teodor Sommestad, Patrick C. K. Hung, X Li (2008). Web Service-Based Business Process Development, Threat Modeling and …, International Conference on Web Services (ICWS'08).

Pontus Johnson, Mathias Ekstedt, Robert Lagerström, Teodor Sommestad (2007). Introduction, Enterprise Architecture: models and analyses for information systems decision making.

Mathias Ekstedt, Pontus Johnson, Magnus Gammelgård, Teodor Sommestad, Pia Gustafsson (2007). Setting the Business Goals, Enterprise Architecture: models and analyses for information systems decision making.

Pontus Johnson, Erik Johansson, Teodor Sommestad, Johan Ullberg (2007). A tool for enterprise architecture analysis, 142–142, Proceedings of Enterprise Distributed Object Computing Conference.

Reports etc.

Teodor Sommestad, Hannes Holm (2015). Variabler av vikt för förmågan att analysera säkerhetsloggar (FOI-R--4126--SE). Linköping, Sweden.

Patrik Lif, Mirko Thorstensson, Teodor Sommestad (2015). Övning, träning och prövning inom logganalys - Översikt över olika alternativ (FOI-R--4149--SE). Linköping, Sweden.

Hannes Holm, Johan Bengtsson, Jacob Löfvenberg, Mats Persson, Teodor Sommestad (2014). Moving Target Defense En kartläggning av forskningsbidrag (FOI-R--3942--SE). Linköping, Sweden.

Johan Bengtsson, Teodor Sommestad, Hannes Holm (2014). IT-säkerhetskrav i Försvarsmakten - KSF3 och tillkommande säkerhetskrav (FOI-R--4000--SE). Linköping, Sweden.

Jonas Hallberg, Johan Bengtsson, Teodor Sommestad (2013). Effektivare Hot-, Risk- Och Sårbarhetsanalyser - Vad Blev Det För Resultat? (FOI-R--3785--SE). Linköping, Sweden.

Teodor Sommestad, Johan Bengtsson, Jonas Hallberg (2013). Informationsbehov Vid Säkerhetsanalyser. En Systematisk Genomgång Av Etablerade Metoder För IT-System (FOI-R--3723--SE). Linköping, Sweden.

Jonas Hallberg, Mikael Wedlin, David Lindahl, Jonas Almroth, Mats Persson, Teodor Sommestad (2013). NCS3: årsrapport 2012 (FOI-R--3638--SE). Linköping, Sweden.

Teodor Sommestad (2012). A framework and theory for cyber security assessments, PhD Thesis, Industrial information and control systems, Royal Institute of Technology, Stockholm, Sweden (ISBN 978-91-7501-511-8).

Jonas Hallberg, Mikael Wedlin, David Lindahl, Jonas Almroth, Wiwianne Asp, Teodor Sommestad (2012). Årsrapport 2011: Nationellt centrum för säkerhet i styrsystem för samhällsviktig verksamhet (FOI-R--3413--SE). Linköping, Sweden.

Teodor Sommestad, Kristoffer Lundholm (2012). Detektering av IT-attacker - Intrångsdetekteringssystem och systemadministratörens roll (FOI-R--3419--SE). Linköping, Sweden.

Teodor Sommestad, Johan Bengtsson, Jonas Hallberg (2012). Varför följer inte användarna bestämmelser? – En metaanalys avseende informationssäkerhetsbestämmelser (FOI-R--3524--SE). Linköping, Sweden.

Johan Bengtsson, Jonas Hallberg, Teodor Sommestad (2012). Verktygsstöd för hot-, risk- och sårbarhetsanalyser - realiseringsförslag (FOI-R--3552--SE). Linköping, Sweden.

Kristoffer Lundholm, Teodor Sommestad, Mats Persson, Tommy Gustafsson, Amund Hunstad (2011). Detektion av IT-attacker Övningsuppställning och insamlad data (FOI-R--3342--SE). Linköping, Sweden.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2011). Threats and vulnerabilities, final report, Project VIKING.

Hannes Holm, Teodor Sommestad, Mathias Ekstedt (2011). Vulnerability assessment of SCADA systems. Project VIKING.

Gunnar Björkman, Teodor Sommestad, Mathias Ekstedt, Hadeli Hadeli, Zhu Kun, Moustafa Chenine (2010). SCADA system architectures. Project VIKING.