Research Topics
Human Factors
Social Engineering
- Hazilov, V. and Pape, S.: Systematic Scenario Creation for Serious Security-Awareness Games.
In Computer Security - ESORICS 2020 International Workshops, DETIPS, DeSECSys, MPS, and SPOSE, Guildford, UK, September 17-18, 2020, Revised Selected Papers, Springer International Publishing, Cham, LNCS 12580, 2020.
- Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
- Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
.
- Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
- Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
Technical Report Deliverable 4.2, Threat-Arrest, 2019.
- Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
- Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
- Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
- Beckers, K.; Schosser, D.; Pape, S. and Schaab, P.: A Structured Comparison of Social Engineering Intelligence Gathering Tools.
In Trust, Privacy and Security in Digital Business - 14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings, pages 232-246, 2017, Revision 1, Table 7 was corrected, see https://link.springer.com/10.1007/978-3-319-64483-7_16.
- Schaab, P.; Beckers, K. and Pape, S.: Social engineering defence mechanisms and counteracting training strategies.
In Information and Computer Security, 25 (2): 206-222, 2017.
- Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
- Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
- Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
- Schaab, P.; Beckers, K. and Pape, S.: A systematic Gap Analysis of Social Engineering Defence Mechanisms considering Social Psychology.
In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016, Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
Serious Games & Gamification 
- Pape, S.; Goeke, L.; Quintanar, A. and Beckers, K.: Conceptualization of a CyberSecurity Awareness Quiz.
In Computer Security - ESORICS 2020 International Workshops MSTEC, pages 61-76, Springer International Publishing, Cham, LNCS 12512, 2020.
- Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
.
- Goeke, L.; Quintanar, A.; Beckers, K. and Pape, S.: PROTECT - An Easy Configurable Serious Game to Train Employees Against Social Engineering Attacks.
In Computer Security - ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 156-171, Springer International Publishing, Cham, LNCS 11981, 2019.
- Beckers, K.; Goeke, L.; Pape, S. and Bravos, G.: THREAT-ARREST THREAT serious games v1.
Technical Report Deliverable 4.2, Threat-Arrest, 2019.
- Aladawy, D.; Beckers, K. and Pape, S.: PERSUADED: Fighting Social Engineering Attacks with a Serious Game.
In Trust, Privacy and Security in Digital Business - 15th International Conference, TrustBus 2018, Regensburg, Germany, September 5-6, 2018, Proceedings, Springer, Lecture Notes in Computer Science 11033, 2018, ISBN 978-3-319-98384-4, Acceptance rate: 15 / 29 = 51.7%.
- Kipker, D-K.; Pape, S.; Wojak, S. and Beckers, K.: Juristische Bewertung eines Social-Engineering-Abwehr Trainings.
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 112-115, Universität der Bundeswehr, Neubiberg, 2018.
- Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.: Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment.
In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.
- Sailer, M.; Hoppenz, C.; Beckers, K. and Pape, S.: Förderung von IT-Sicherheitsbewusstheit durch spielbasiertes Lernen - eine experimentelle Studie.
In Tagung der Sektion ``Empirische Bildungsforschung'' -- Educational Research and Governance (AEPF 2017), 2017.
- Beckers, K. and Pape, S.: A Serious Game for Eliciting Social Engineering Security Requirements.
In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
- Beckers, K.; Pape, S. and Fries, V.: HATCH: Hack And Trick Capricious Humans -- A Serious Game on Social Engineering.
In Proceedings of the 2016 British HCI Conference, Bournemouth, United Kingdom, July 11-15, 2016, 2016.
Privacy Enhancing Technologies 
- Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Jondonym.
IEEE Dataport, 2020.
- Harborth, D. and Pape, S.: Dataset on Actual Users of the Privacy-Enhancing Technology Tor.
IEEE Dataport, 2020.
- Harborth, D. and Pape, S.: How Privacy Concerns, Trust and Risk Beliefs and Privacy Literacy Influence Users' Intentions to Use Privacy-Enhancing Technologies - The Case of Tor.
In ACM SIGMIS Database: the DATABASE for Advances in Information Systems, 51 (1): 51-69, 2020.
- Harborth, D.; Pape, S. and Rannenberg, K.: Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym.
In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
- Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
.
- Harborth, D.; Cai, X. and Pape, S.: Why Do People Pay for Privacy?.
In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 253-267, 2019, Acceptance rate: 26 / 142 = 18.3%.
- Harborth, D. and Pape, S.: How Privacy Concerns and Trust and Risk Beliefs Influence Users' Intentions to Use Privacy-Enhancing Technologies -- The Case of Tor.
In 52nd Hawaii International Conference on System Sciences (HICSS) 2019, pages 4851-4860, 2019, Acceptance rate: 48%.
- Pape, S. and Rannenberg, K.: Applying Privacy Patterns to the Internet of Things' (IoT) Architecture.
In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
- Harborth, D.; Braun, M.; Grosz, A.; Pape, S. and Rannenberg, K.: Anreize und Hemmnisse für die Implementierung von Privacy-Enhancing Technologies im Unternehmenskontext.
In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 29-41, 2018.
- Harborth, D. and Pape, S.: Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust.
In 24th Americas Conference on Information Systems, AMCIS 2018, New Orleans, LA, USA, August 16-18, 2018, Association for Information Systems, 2018.
- Harborth, D. and Pape, S.: JonDonym Users' Information Privacy Concerns.
In ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18-20, 2018, Proceedings, pages 170-184, 2018, Acceptance rate: 27 / 89 = 30.3%.
- Pape, S.; Tasche, D.; Bastys, I.; Grosz, A.; Laessig, J. and Rannenberg, K.: Towards an Architecture for Pseudonymous E-Commerce -- Applying Privacy by Design to Online Shopping.
In Sicherheit 2018: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 25.-27. April 2018, Konstanz, pages 17-28, 2018.
- Harborth, D.; Herrmann, D.; Köpsell, S.; Pape, S.; Roth, C.; Federrath, H.; Kesdogan, D. and Rannenberg, K.: Integrating Privacy-Enhancing Technologies into the Internet Infrastructure.
Technical Report, Cornell University, arXiv, 2017.
- Harborth, D. and Pape, S.: Privacy Concerns and Behavior of Pokémon Go Players in Germany.
In Privacy and Identity Management. The Smart Revolution - 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, Revised Selected Papers, pages 314-329, Springer International Publishing, IFIP Advances in Information and Communication Technology 526, 2017.
Modeling & Measuring
Security Management
- Pape, S.; Paci, F.; Juerjens, J. and Massacci, F.: Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach.
In Information, 11 (5), 2020.
- Pape, S.; Schmitz, C.; Kipker, D-K. and Sekula, A.: On the use of Information Security Management Systems by German Energy Providers.
.
- Pape, S.: Requirements Engineering and Tool-Support for Security and Privacy.
.
- Schmitz, C. and Pape, S.: LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security.
In Computers & Security, 90, 2020.
- Schmitz, C.; Sekulla, A. and Pape, S.: Asset-centric analysis and visualisation of attack trees.
In Graphical Models for Security - 7th International Workshop, GraMSec@CSF 2020, Boston, MA, USA, Virtual Conference, June 22, 2020, Revised Selected Papers, pages 45-64, Springer, LNCS 12419, 2020.
- Hatamian, M.; Pape, S. and Rannenberg, K.: ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment.
In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 165-179, 2019, Acceptance rate: 26 / 142 = 18.3%.
- Pape, S. and Stankovic, J.: An Insight into Decisive Factors in Cloud Provider Selection with a Focus on Security.
In Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, ADIoT, Luxembourg City, Luxembourg, September 26-27, 2019, Revised Selected Papers, pages 287-306, Springer International Publishing, Cham, LNCS 11980, 2019.
- Schmid, M. and Pape, S.: Aggregating Corporate Information Security Maturity Levels of Different Assets.
In Privacy and Identity Management. Data for Better Living: AI and Privacy - 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Windisch, Switzerland, August 19-23, 2019, Revised Selected Papers, pages 376-392, Springer Boston, IFIP Advances in Information and Communication Technology , 2019.
- Schmid, M. and Pape, S.: A structured comparison of the corporate information security.
In ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings, pages 223-237, 2019, Acceptance rate: 26 / 142 = 18.3%.
- Dax, J.; Hamburg, D.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Sichere Informationsnetze bei kleinen und mittleren Energieversorgern (SIDATE).
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 29, Universität der Bundeswehr, Neubiberg, 2018.
- Dax, J.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Sekulla, A.: Stand der IT-Sicherheit bei deutschen Stromnetzbetreibern.
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 69-74, Universität der Bundeswehr, Neubiberg, 2018.
- Dax, J.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C.; Sekulla, A. and Terhaag, F.: Das SIDATE-Portal im Einsatz.
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 145-150, Universität der Bundeswehr, Neubiberg, 2018.
- Hamburg, D.; Niephaus, T.; Noll, W.; Pape, S.; Rannenberg, K. and Schmitz, C.: SIDATE: Gefährdungen und Sicherheitsmassnahmen.
In State of the Art: IT-Sicherheit für Kritische Infrastrukturen, pages 51, Universität der Bundeswehr, Neubiberg, 2018.
- Schmitz, C.; Sekula, A.; Pape, S.; Pipek, V. and Rannenberg, K.: Easing the Burden of Security Self-Assessments.
In 12th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2018 ,Dundee, Scotland, August 29-31, 2018, Proceedings., 2018.
- Dax, J.; Hamburg, D.; Kreusch, M.; Ley, B.; Pape, S.; Pipek, V.; Rannenberg, K.; Schmitz, C. and Terhaag, F.: Sichere Informationsinfrastrukturen für kleine und mittlere Energieversorger.
In Multikonferenz Wirtschaftsinformatik (MKWI) -- Teilkonferenz IT-Sicherheit für Kritische Infrastrukturen (Poster), 2016.
- Dax, J.; Ley, B.; Pape, S.; Schmitz, C.; Pipek, V. and Rannenberg, K.: Elicitation of Requirements for an inter-organizational Platform to Support Security Management Decisions.
In 10th International Symposium on Human Aspects of Information Security & Assurance, HAISA 2016 ,Frankfurt, Germany, July 19-21, 2016, Proceedings., 2016.
Applied Cryptography