Journal papers

Martin Grill, Teodor Sommestad, Henrik Karlzén, Anders Pousette (2025). Training for improved information security culture: a longitudinal randomized controlled trial, Information and Computer Security, (April 2025)

Hannes Holm, Teodor Sommestad (2025). Realistic and balanced automated threat emulation, Computers & Security, 151 (April 2025).

Teodor Sommestad and Henrik Karlzén (2025). The unpredictability of phishing susceptibility: results from a repeated measures experiment, Journal of Cybersecurity, 10 (1).

Patrik Lif, Teodor Sommestad, Pär-Anders Albinsson, Christian Valassi, Daniel Eidenskog (2022). Validation of Cyber Test for Future Soldiers: A Test Battery for the Selection of Cyber Soldiers. Frontiers in Psychology, 13.

Teodor Sommestad, Hannes Holm, Daniel Steinvall (2022). Variables influencing the effectiveness of signature-based network intrusion detection systems. Information Security Journal: A Global Perspective 31(6), 771—728.

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg (2019). The Theory of Planned Behavior and Information Security Policy Compliance. Journal of Computer Information Systems, 59(4), 344–353.

Teodor Sommestad (2018). Work-related groups and information security policy compliance, Information & Computer Security, 26 (5), 533–550

Teodor Sommestad, Hannes Holm (2017). Alert verification through alert correlation — An empirical test of SnIPS, Information Security Journal: A Global Perspective, 26(1), 39–48.

Hannes Holm, Teodor Sommestad (2017). So Long , and Thanks for Only Using Readily Available Scripts, Information & Computer Security, Information & Computer Security, 25 (1), 47–6,

Teodor Sommestad, Henrik Karlzén, Peter Nilsson, Jonas Hallberg (2016). An empirical test of the perceived relationship between risk and the constituents severity and probability, Information & Computer Security, 24 (2), 194–204.

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg. (2015). A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour, International Journal of Information Security and Privacy, 9(1), 26–46.

Teodor Sommestad, Fredrik Sandström. (2015). An Empirical Test of the Accuracy of an Attack Graph Analysis Tool, Information and Computer Security, 23(5), 516–31.

Teodor Sommestad, Ulrik Franke (2015). A test of intrusion alert filtering based on network information, Security and Communication Networks, 8(3), 2291-2301.

Teodor Sommestad, Henrik Karlzén, Jonas Hallberg (2015).The Sufficiency of the Theory of Planned Behavior for Explaining Information Security Policy Compliance, Information Management & Computer Security, 23(2), 200-217.

Teodor Sommestad, Jonas Hallberg, Kristoffer Lundholm, Johan Bengtsson (2014). Variables influencing information security policy compliance: a systematic review of quantitative studies, Information Management & Computer Security 22(1), 42-75.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt, Nicholas Honeth (2014). Quantifying the effectiveness of intrusion detection systems in operation through domain experts, Journal of Information System Security, 10(2), 3–35.

Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Nicholas Honeth (2013). Indicators of expert judgment and their significance: an empirical investigation in the area of cyber security, Expert Systems 31(4), 299-318.

Teodor Sommestad, Amund Hunstad (2013). Intrusion detection and the role of the system administrator, Information Management & Computer Security 21(1), 30 - 40.

Teodor Sommestad, Mathias Ekstedt, Hannes Holm (2013). The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures, IEEE Systems Journal 7(3), 363-373.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2012). Estimates of success rates of remote arbitrary code execution attacks, Information Management & Computer Security, 20(2), 107 - 122.

Hannes Holm, Teodor Sommestad, Ulrik Franke, Mathias Ekstedt (2012). Success rate of remote code execution attacks – expert assessments and observations, Journal of Universal Computer Science, 18(6), 732-749.

Hannes Holm, Teodor Sommestad, Jonas Almroth, Mats Persson (2011). A quantitative evaluation of vulnerability scanning, Information Management & Computer Security, 19(4), 231-247.

WR Flores, Teodor Sommestad, Hannes Holm (2011). Assessing Future Value of Investments in Security-Related IT Governance Control Objectives – Surveying IT Professionals, The Electronic Journal of Information Systems Evaluation, 14(2), 216-227.

Teodor Sommestad, Mathias Ekstedt, Hannes Holm, Muhammad Afzal (2011). Security mistakes in information system deployment projects, Information Management & Computer Security, 19(2), 80-94.

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2010). A probabilistic relational model for security risk analysis, Computers & Security, 29(6), 659-679.

Teodor Sommestad, Joakim Lilliesköld (2010). Development of an effort estimation model – a case study on delivery projects at a leading IT provider within the electric utility industry, International Journal of Services Technology and Management, 13(1), 152-169.

Teodor Sommestad, Mathias Ekstedt, Lars Nordström (2009). Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams, IEEE Transactions on Power Delivery 24(4), 1801-1808.

Book sections, conference papers and workshop papers

Max Landauer, Florian Skopik, Markus Wurzenberger, Teodor Sommestad, Henrik Karlzén (2025). Benign User Activities that Trigger False Positives in Intrusion Detection Systems: An Expert Survey, International Conference on Availability, Reliability and Security, Ghent, Belgium.

Teodor Sommestad, Henrik Karlzén, Hanna Kvist, Hanna Gustafsson (2023). Skade – A Challenge Management System for Cyber Threat Hunting. 9th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems. Haag, Netherlands.

Henrik Karlzén, Teodor Sommestad (2023). Automatic incident response solutions: A review of proposed solutions’ input and output. Proceedings of the 18th International Conference on Availability, Reliability and Security, Benevento, Italy

Stefan Varga, Teodor Sommestad, Joel Brynielsson (2023). Automation of Cybersecurity Work. In: Artificial Intelligence and Cybersecurity. Springer International Publishing, Cham, pp. 67–101.

Teodor Sommestad, Henrik Karlzén. (2019). A meta-analysis of field experiments on phishing susceptibility. eCrime Researchers Summit, eCrime 2019. Pittsburgh, PA, USA.

Margarita Jaitner, Teodor Sommestad. (2019). Epilogue. In M. Ristolainen & J. Nikkarila (Eds.), Game Player: Facing the structural transformation of cyberspace (pp. 169–175). Riihimäki: Finnish Defence Research Agency.

Patrik Lif, Teodor Sommestad, Dennis Granåsen. (2018). Development and evaluation of information elements for simplified cyber-incident reports. CyberSA2018. Glasgow, UK.

Jonas Hallberg, Johan Bengtsson, Niklas Hallberg, Henrik Karlzén, and Teodor Sommestad. (2017). The Significance of Information Security Risk Assessments Exploring the Consensus of Raters’ Perceptions of Probability and Severity. International conference on Security and Management. Las Vegas, USA

Patrik Lif, Magdalena Granåsen, Teodor Sommestad (2017). Development and validation of technique to measure cyber situation awareness, International Conference on Cyber Situational Awareness, Data Analytics and Assessment. London, UK.

Hannes Holm, Teodor Sommestad (2016). SVED: Scanning, Vulnerabilities, Exploits and Detection, MILCOM 2016, Baltimore, MD.

Hannes Holm, Teodor Sommestad, Johan Bengtsson (2015). Requirements Engineering: The Quest for the Dependent Variable, IEEE International Requirements Engineering Conference. Ottawa, Canada.

Teodor Sommestad (2015). Experimentation on operational cyber security in CRATE, NATO STO-MP-IST-133 Specialist Meeting, Copenhagen, Denmark.

Patrik Lif, Teodor Sommestad (2015). Human Factors Related to the Performance of Intrusion Detection Operators, Human Aspects of Information Security, Privacy, and Trust. Lesvos, Greece.

Teodor Sommestad, Henrik Karlzén, Peter Nilsson, Jonas Hallberg (2015). Perceived Information Security Risk as a Function of Probability and Severity, Human Aspects of Information Security, Privacy, and Trust. Lesvos, Greece.

Teodor Sommestad (2015). Social groupings and information security obedience within organizations, International Information Security and Privacy Conference. Hamburg.

Matus Korman, Mathias Ekstedt, Teodor Sommestad, Jonas Hallberg, Johan Bengtsson (2014). Overview of Enterprise Information Needs in Information Security Risk Assessment, IEEE EDOC – “Enterprise Computing Conference”.

Teodor Sommestad, Jonas Hallberg (2013). A review of the theory of planned behaviour in the context of information security policy compliance, International Information Security and Privacy Conference.

Mathias Ekstedt, Teodor Sommestad, Hannes Holm, Lars Nordström (2013), CySeMoL: A tool for cyber security analysis of enterprises, 22nd International Conference and Exhibition on Electricity Distribution (CIRED 2013),

Hannes Holm, Mathias Ekstedt, Teodor Sommestad (2013). Effort Estimates on Web Application Vulnerability Discovery, 2013 46th Hawaii International Conference on System Sciences.

Teodor Sommestad, Jonas Hallberg (2012). Cyber security exercises and competitions as a platform for cyber security experiments, NordSec.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2012). Effort Estimates for Vulnerability Discovery Projects, 5564-5573, 45th Hawaii International Conference on System Sciences.

Teodor Sommestad, Amund Hunstad (2012). Intrusion detection and the role of the system administrator, Proceedings of International Symposium on Human Aspects of Information Security & Assurance.

Markus Buschle, Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Khurram Shahzad (2011). A Tool for automatic Enterprise Architecture modeling, 1-15, CAISE'11 Forum.

Teodor Sommestad, Jonas Hallberg (2011). Cyber security exercises as a platform for cyber security experiments, 33, TAMSEC.

Robert Lagerström, Teodor Sommestad, Markus Buschle, Mathias Ekstedt (2011). Enterprise architecture management’s impact on information technology success, Proceedings of the Hawaii International Conference on System Sciences (HICSS-44).

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2011). Estimates of Success Rates of Denial-of-Service Attacks, 21-28, 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Ulrik Franke (2011). Expert assessment on the probability of successful remote code execution attacks, Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011.

Markus Buschle, Hannes Holm, Teodor Sommestad, Mathias Ekstedt, Khurram Shahzad (2011). A Tool for automatic Enterprise Architecture modeling, 1-15, IS Olympics: Information Systems in a Diverse World.

Markus Buschle, Johan Ullberg, Ulrik Franke, Robert Lagerström, Teodor Sommestad (2011). A Tool for Enterprise Architecture Analysis Using the PRM Formalism, 108-121, Information Systems Evolution.

Teodor Sommestad, Mathias Ekstedt, Lars Nordström (2010). A case study applying the Cyber Security Modeling Language, Proceeding of CIGRE (International Council on Large Electric Systems).

Markus Buschle, Johan Ullberg, Ulrik Franke, Robert Lagerström, Teodor Sommestad (2010). A Tool for Enterprise Architecture Analysis using the PRM formalism, Proc. CAiSE Forum 2010.

Fredrik Löf, Johan Stomberg, Teodor Sommestad, Mathias Ekstedt, Jonas Hallberg, Johan Bengtsson (2010). An Approach to Network Security Assessment based on Probabilistic Relational Models, First Workshop on Secure Control Systems (SCS-1).

Teodor Sommestad, G Björkman, Mathias Ekstedt, L Nordström (2010). Information system architectures in electrical distribution utilities, Proceedings of NORDAC.

Teodor Sommestad, GN Ericsson, Jakob Nordlander (2010). SCADA System Cyber Security–A Comparison of Standards, IEEE PES General Meeting.

Per Närman, Teodor Sommestad, Sofia Sandgren, Mathias Ekstedt (2009). A framework for assessing the cost of IT investments, PICMET 2009 Proceedings.

Sabine Buckl, Ulrik Franke, Oliver Holschke, Florian Matthes, Christian M Schweda, Teodor Sommestad, Johan Ullberg (2009). A Pattern-based Approach to Quantitative Enterprise Architecture Analysis, Proc. 15th Americas Conference on Information Systems ({AMCIS}), San Francisco, {USA}.

Mathias Ekstedt, Ulrik Franke, Pontus Johnson, Robert Lagerström, Teodor Sommestad, Johan Ullberg, Markus Buschle (2009). A Tool for Enterprise Architecture Analysis of Maintainability, 327-328, Proceedings of the 2009 European Conference on Software Maintenance and Reengineering.

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2009). Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models, 1-10, Proceedings of Hawaii International Conference on System Sciences (HICSS).

Ulrik Franke, Johan Ullberg, Teodor Sommestad, Robert Lagerström, Pontus Johnson (2009). Decision support oriented Enterprise Architecture metamodel management using classification trees, 328-335, 2009 13th Enterprise Distributed Object Computing Conference Workshops.

Mathias Ekstedt, Teodor Sommestad (2009). Enterprise Architecture Models for Cyber Security Analysis, IEEE PES Power Systems Conference & Exhibition (PSCE).

Waldo Rocha Flores, Teodor Sommestad, Pontus Johnson, Mårten Simonsson (2009). Indicators predicting similarities in maturity between processes: An empirical Analysis with 35 European organizations, 1st Annual Pre-ICIS Workshop on Accounting Information Systems.

Erik Johansson, Teodor Sommestad, Mathias Ekstedt (2009). Issues of Cyber Security In Scada-Systems-on the Importance of Awareness, The 20th International Conference on Electricity Distribution (CIRED).

Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2008). Combining Defense Graphs and Enterprise Architecture Models for Security Analysis, 349-355, 2008 12th International IEEE Enterprise Distributed Object Computing Conference.

Ulrik Franke, Teodor Sommestad, Mathias Ekstedt, Pontus Johnson (2008). Defense Graphs and Enterprise Architecture for Information Assurance Analysis, Proceedings of the 26th Army Science Conference.

Yu Xiaofeng, Teodor Sommestad, Casey Fung, Patrick C. K. Hung (2008). Emergency Response Framework for Aviation XML Services on MANET, Proceedings of the IEEE International Conference on Web Services (ICWS).

Erik Johansson, Teodor Sommestad, Mathias Ekstedt (2008). Security Issues for SCADA Systems within Power Distribution, Nordic Distribution and Asset Management Conference (NORDAC).

J Li, Teodor Sommestad, Patrick C. K. Hung, X Li (2008). Web Service-Based Business Process Development, Threat Modeling and …, International Conference on Web Services (ICWS'08).

Pontus Johnson, Mathias Ekstedt, Robert Lagerström, Teodor Sommestad (2007). Introduction, Enterprise Architcture: models and analyses for information systems decision making.

Mathias Ekstedt, Pontus Johnson, Magnus Gammelgård, Teodor Sommestad, Pia Gustafsson (2007). Setting the Business Goals, Enterprise Architcture: models and analyses for information systems decision making.

Pontus Johnson, Erik Johansson, Teodor Sommestad, Johan Ullberg (2007). A tool for enterprise architecture analysis, 142–142, Proceedings of Enterprise Distributed Object Computing Conference.

Reports etc.

Dennis McCallam, Tracy Braun, Bernt Akesson, David Aspinall, Roman Faganel, Heiko Guenther, Matthew Kellet, Joseph LoPiccolo, Peeter Lorents, Wim Mees, Juha-Pekka Nikkarila, Teodor Sommestad, and Margaret Varga (2021). Final Report and Recommendations of the North Atlantic Treaty Organization (NATO) Research Task Group IST-129 on Predictive Analysis of Adversarial Cyber Behavior.

Teodor Sommestad och Henrik Karlzén (2020). När luras personer av nätfiske? - En genomgång av publicerade fältexperiment. Linköping, Sverige.

Jacob Löfvenberg, Teodor Sommestad, and Caroline Bildsten (2019). Automatisk attackkodsgenerering (FOI-R--4737--SE). Linköping, Sweden.

Teodor Sommestad, Joel Brynielsson and Stefan Varga (2019). Möjligheter för automation av roller inom cybersäkerhetsområdet. Stockholm, Sweden.

Teodor Sommestad (2017). Övning och Experiment för operativ förmåga i cybermiljön: Slutrapport (FOI-R--4498--SE). Linköping, Sweden.

Teodor Sommestad, and Hannes Holm (2017). Publika attackkoder och intrångssignaturer: Kvantitativa tester av träffsäkerhet (FOI-R--4499—SE). Linköping, Sweden.

Patrik Lif, Hannes Holm, Teodor Sommestad, Magdalena Granåsen, Erik Westring (2016). Genomförd försöksverksamhet inom logganalys för cybersäkerhet (FOI-R--4328--SE), Linköping, Sweden.

Teodor Sommestad and Hannes Holm (2016). Test av logganalysverktyget SnIPS (FOI-R—4323—SE). Linköping, Sweden.

Teodor Sommestad, Hannes Holm (2015). Variabler av vikt för förmågan att analysera säkerhetsloggar (FOI-R--4126--SE). Linköping, Sweden.

Patrik Lif, Mirko Thorstensson, Teodor Sommestad (2015). Övning, träning och prövning inom logganalys - Översikt över olika alternativ (FOI-R--4149--SE). Linköping, Sweden.

Hannes Holm, Johan Bengtsson, Jacob Löfvenberg, Mats Persson, Teodor Sommestad (2014). Moving Target Defense En kartläggning av forskningsbidrag (FOI-R--3942--SE). Linköping, Sweden.

Johan Bengtsson., Teodor Sommestad, Hannes Holm (2014). IT-säkerhetskrav i Försvarsmakten - KSF3 och tillkommande säkerhetskrav (FOI-R--4000--SE). Linköping, Sweden.

Jonas Hallberg, Johan Bengtsson, Teodor Sommestad (2013). Effektivare Hot-, Risk- Och Sårbarhetsanalyser - Vad Blev Det För Resultat? (FOI-R--3785--SE). Linköping, Sweden.

Teodor Sommestad, Johan Bengtsson, Jonas Hallberg (2013). Informationsbehov Vid Säkerhetsanalyser. En Systematisk Genomgång Av Etablerade Metoder För IT-System (FOI-R--3723--SE). Linköping, Sweden.

Jonas Hallberg, Mikael Wedlin, David Lindahl, Jonas Almroth, Mats Persson, Teodor Sommestad (2013), NCS3: årsrapport 2012 (FOI-R--3638—SE). Linköping, Sweden.

Teodor Sommestad (2012). A framework and theory for cyber security assessments, PhD Thesis, Industrial information and control systems, Royal Institute of Technology, Stockholm, Sweden (ISBN 978-91-7501-511-8).

Jonas Hallberg, Mikael Wedlin, David Lindahl, Jonas Almroth, Wiwianne Asp, Teodor Sommestad (2012). Årsrapport 2011: Nationellt centrum för säkerhet i styrsystem för samhällsviktig verksamhet (FOI-R--3413--SE). Linköping, Sweden.

Teodor Sommestad, Kristoffer Lundholm (2012). Detektering av IT-attacker - Intrångsdetekteringssystem och systemadministratörens roll (FOI-R--3419--SE). Linköping, Sweden.

Teodor Sommestad, Johan Bengtsson, Jonas Hallberg (2012). Varför följer inte användarna bestämmelser? – En metaanalys avseende informationssäkerhetsbestämmelser (FOI-R--3524—SE). Linköping, Sweden.

Johan Bengtsson, Jonas Hallberg, Teodor Sommestad (2012). Verktygsstöd för hot-, risk- och sårbarhetsanalyser - realiseringsförslag (FOI-R--3552--SE). Linköping, Sweden.

Kristoffer Lundholm, Teodor Sommestad, Mats Persson, Tommy Gustafsson, Amund Hunstad (2011). Detektion av IT-attacker Övningsuppställning och insamlad data (FOI-R--3342—SE). Linköping, Sweden.

Teodor Sommestad, Hannes Holm, Mathias Ekstedt (2011). Threats and vulnerabilities, final report, Project VIKING.

Hannes Holm, Teodor Sommestad, Mathias Ekstedt (2011). Vulnerability assessment of SCADA systems. Project VIKING.

Gunnar Björkman, Teodor Sommestad, Mathias Ekstedt, Hadeli Hadeli, Zhu Kun, Moustafa Chenine (2010). SCADA system architectures. Project VIKING.