Nicolas Mayer (Ph.D.)
Product manager - Security & Continuity Management
Contact information
Nicolas MAYER
Centre de Recherche Public Henri Tudor
29, avenue John F. Kennedy
L-1855 Luxembourg
Phone: (+352) 42 59 91 -728
Fax: (+352) 42 59 91 -777




Biographical notes
Nicolas Mayer was born in Thionville, France, in 1982. In 2004 he received an M.Sc. degree in Computer Science, specialised in Telecommunications, Networks and Services, from the University Henri Poincaré (UHP) of Nancy (France). He also graduated as an Engineer (M.Eng. degree) from the "Ecole Supérieure des Sciences et des Technologies de l’Ingénieur de Nancy" (ESSTIN), where he studied from 1999 to 2004. From September 2004 he worked as an R&D Engineer at the CRP Henri Tudor (Luxembourg), and in June 2005 he started a PhD entitled "Model-based Management of Information System Security Risk" in a joint project between the CRP Henri Tudor, the Luxembourg International Advanced Studies in Information Technologies (LIASIT) and the University of Namur (Belgium). He received his Ph.D. in April 2009. He is currently Product manager at the CRP Henri Tudor for the business line "Security & continuity management". His research interests are in the fields of Risk Management, IS security and Requirements Engineering.
[Full CV]
Publications
Book Chapters
- E. Dubois, N. Mayer, A. Rifaut, and V. Rosener, "Contributions méthodologiques pour l’amélioration de l’analyse des risques", Book Chapter in: T. Ebrahimi, F. Leprévost, B. Warusfel (ed.), "Enjeux de la sécurité multimédia", Traité IC2 - Information, Commande, Communication, Hermès - Lavoisier, 2006. ISBN: 2746212072. [book]

Journal papers
- N. Mayer, E. Dubois, P. Heymans, and R. Matulevičius, "Défis de la sécurité de l'information. Support à la gestion des risques de sécurité par les modèles", in: C. Rolland, O. Pastor, J.-L. Cavarero (ed.), "Nouveaux challenges dans les systèmes d'information", Ingénierie des Systèmes d'Information (Networking and Information Systems), Volume 13/1, March 2008. [url]
Conference and workshop proceedings
- T. Valdevit, N. Mayer and B. Barafort, "Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings", 16th European Systems & Software Process Improvement and Innovation Conference (EUROSPI'09), Alcala, Spain, September 2009. [pdf]
- B. Alcalde, E. Dubois, S. Mauw, N. Mayer and S. Radomirović, "Towards a Decision Model Based on Trust and Security Risk Management", 7th Australasian conference on Information security (AISC'09), Wellington, New Zealand, January 2009. [pdf]
- N. Mayer, E. Dubois, R. Matulevičius and P. Heymans, "Towards a Measurement Framework for Security Risk Management", Modeling Security Workshop (MODSEC'08), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS'08), Toulouse, France, September 2008. [pdf] [url]
- R. Matulevičius, N. Mayer, H. Mouratidis, E. Dubois, P. Heymans, and N. Genon, "Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development", 20th International Conference on Advanced Information Systems Engineering (CAiSE'08), Montpellier, France, June 2008. [url]
- R. Matulevičius, N. Mayer and P. Heymans, "Alignment of Misuse Cases with Security Risk Management", Symposium on Requirements Engineering for Information Security (SREIS'08), in conjunction with the 3rd International Conference on Availability, Security and Reliability (ARES'08), Barcelona, Spain, March 2008. [pdf]
- N. Mayer, P. Heymans, and R. Matulevičius, "Design of a Modelling Language for Information System Security Risk Management", 1st International Conference on Research Challenges in Information Science (RCIS'07), Ouarzazate, Morocco, April 2007. [pdf]
- N. Mayer, E. Dubois, and A. Rifaut, "Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods", 3rd International Conference Interoperability for Enterprise Software and Applications (I-ESA'07), Funchal (Madeira Island), Portugal, March 2007. [url]
- N. Mayer, "Managing Security IT Risk: a Goal-Based Requirements Engineering Approach", RE'05 Doctoral Consortium, in conjunction with the 13th IEEE International Requirements Engineering Conference, Paris, France, August 2005. [pdf]
- N. Mayer, A. Rifaut, and E. Dubois, "Towards a Risk-Based Security Requirements Engineering Framework", 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'05), in conjunction with the 17th Conference on Advanced Information Systems Engineering (CAiSE'05), Porto, Portugal, June 2005. [pdf]
Periodical publications
- N. Mayer, "Les PME et la certification ISO/IEC 27001", Entreprises magazine, November-December 2009. [url] [pdf]
- N. Mayer, S. Pineau, "Codasystem first to obtain ISO/IEC 27001", Business Review, December 2008. [url] [pdf]
- S. Pineau, N. Mayer, "Une première entreprise privée certifiée ISO/IEC 27001 au Luxembourg", AGEFI 09/217, October 2008. [url] [pdf]
- N. Mayer, "Points clés d'une démarche d'implémentation d'un Système de Management de la Sécurité de l'Information selon la norme ISO/IEC 27001", Soluxions, February 2008. [url] [pdf] [jpg]
- N. Mayer, "La modélisation en support à la certification ISO/IEC 27001 : Un pas de plus vers la confiance", AGEFI 01/209, January 2008. [url] [pdf]
- G. Billois, N. Mayer, and J-P. Humbert, "ISO 2700x : une famille de normes pour la gouvernance sécurité", MISC 30, March-April 2007. [url] [pdf] [pdf]
- N. Mayer, and J-P. Humbert, "Sécurité et normalisation : l'émergence de la certification ISO/IEC 27001", AGEFI 01/198, January 2007. [url] [jpg]
- N. Mayer, and J-P. Humbert, "La méthode EBIOS : présentation et perspective d'utilisation pour la certification ISO 27001", MISC 27, September-October 2006. [url] [pdf] [pdf]
- F. Herrmann, J.P. Humbert, D. Khadraoui, Y. Lanuel, N. Mayer, E. Wies, "Gestion de la sécurité : les défis", MAG.SECURS 12, June-July-August 2006. [url]
- N. Mayer, and J-P. Humbert, "La gestion des risques de sécurité des systèmes d'informations", MISC 24, March-April 2006. [url] [pdf] [pdf]
PhD thesis
- N. Mayer, "Model-based Management of Information System Security Risk", University of Namur, April 2009. [pdf]
Miscellaneous
- Leader in: Club EBIOS, La gestion des risques - Analyse des pratiques dans différents secteurs, November 2008. [url]
- Contribution in: EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) - Best practices, Mise en place d'un système de gestion de la sécurité des systèmes d'information à l'aide de la méthode EBIOS, November 2005. [url]