Nicolas Mayer (Ph.D.)
Senior R&T Associate - Information security
Publications
Book Chapters
- E. Dubois, N. Mayer, and A. Rifaut, "Improving Risk-based Security Analysis with i*", Book chapter in: P. Giorgini, N. Maiden, J. Mylopoulos, E. Yu (eds.), "Social Modeling for Requirements Engineering", MIT Press, 2011. ISBN: 978-0-262-24055-0. [book] [pdf]
- E. Dubois, P. Heymans, N. Mayer, and R. Matulevicius, "A Systematic Approach to Define the Domain of Information System Security Risk Management", Book Chapter in: S. Nurcan et al. (eds.), "Intentional Perspectives on Information Systems Engineering", Springer-Verlag, 2010. ISBN: 978-3-642-12543-0. [book] [pdf]
- E. Dubois, N. Mayer, A. Rifaut, and V. Rosener, "Contributions méthodologiques pour l'amélioration de l'analyse des risques", Book Chapter in: T. Ebrahimi, F. Leprévost, B. Warusfel (eds.), "Enjeux de la sécurité multimédia", Traité IC2 - Information, Commande, Communication, Hermès - Lavoisier, 2006. ISBN: 978-2-7462-1207-7. [book]
Journal papers
- N. Mayer and J. Aubert, "A risk management framework for security and integrity of networks and services", Journal of Risk Research, DOI: 10.1080/13669877.2020.1779786, June 2020. [pdf] [web]
- N. Mayer, J. Aubert, E. Grandry, C. Feltus, E. Goettelmann and R. Wieringa, "An integrated conceptual model for information system security risk management supported by enterprise architecture management", Software & Systems Modeling, 18(3), 2285-2312, https://link.springer.com/article/10.1007/s10270-018-0661-x, February 2018. [pdf]
- N. Mayer, D. De Smet, "Systematic Literature Review and ISO Standards analysis to Integrate IT Governance and Security Risk Management", International Journal for Infonomics (IJI), Volume 10, Issue 1, ISSN: 1742-4712, pp.1255-1263, March 2017. [pdf] [pdf]
- R. Matulevicius, H. Mouratidis, N. Mayer, E. Dubois, and P. Heymans, "Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management", Journal of Universal Computer Science (J.UCS), Vol. 18, N°6, pp.816-844, March 2012. [pdf]
- N. Mayer, E. Dubois, P. Heymans, and R. Matulevicius, "Défis de la sécurité de l'information. Support à la gestion des risques de sécurité par les modèles", in: C. Rolland, O. Pastor, J.-L. Cavarero (eds.), "Nouveaux challenges dans les systèmes d'information", Ingénierie des Systèmes d'Information (Networking and Information Systems), Volume 13/1, March 2008. [pdf]
Conference and workshop proceedings
- N. Mayer and J.-S. Sottet, "Systemic Security Risks in the Telecommunications Sector: An Approach for Security and Integrity of Networks and Services", Proceedings of the 5th International Conference on Complexity, Future Information Systems and Risk (COMPLEXIS 2020), Prague, Czech Republic, May 2020. [pdf]
- E. Zehnder, N. Mayer and G. Gronier, "Evaluation of the Cognitive Effectiveness of the CORAS Modelling Language", ER Forum 2018, in conjunction with the 37th International Conference on Conceptual Modeling (ER 2018), Xi'an, China, October 2018. [pdf]
- J-M. Remiche, J. Aubert, N. Mayer and D. Petrocelli, "Evaluation of Cloud Computing Offers through Security Risks - An Industrial Case Study", 8th International Conference on Cloud Computing and Services Science (CLOSER'18), Funchal, Madeira, Portugal, March 2018. [pdf]
- A. Ellervee, R. Matulevicius and N. Mayer, "A Comprehensive Reference Model for Blockchain-based Distributed Ledger Technology", ER Forum 2017, in conjunction with the 36th International Conference on Conceptual Modeling (ER 2017), Valencia, Spain, November 2017. [pdf]
- N. Mayer and C. Feltus, "Evaluation of the Risk and Security Overlay of ArchiMate to model Information System Security Risks", 9th International Workshop on Vocabularies, Ontologies and Rules for the Enterprise, in conjunction with the 21st IEEE International EDOC Conference – The Enterprise Computing Conference, Québec City, Canada, October 2017. [pdf]
- M. Vunk, N. Mayer and R. Matulevicius, "A Framework for Assessing Organisational IT Governance, Risk and Compliance", 17th International SPICE Conference (SPICE 2017), Palma de Mallorca, Spain, October 2017. [pdf]
- D. Maciejewski and N. Mayer, "An Approach for Transforming IT-Network Diagrams into Enterprise Architecture Models", 7th International Symposium on Business Modeling and Software Design, (BMSD'17), Barcelona, Spain, July 2017. [pdf]
- N. Mayer, J. Aubert, E. Grandry and C. Feltus, "An Integrated Conceptual Model for Information System Security Risk Management and Enterprise Architecture Management based on TOGAF", 9th IFIP WG 8.1 Working Conference on The Practice of Enterprise Modeling (PoEM'16), Skövde, Sweden, November 2016. [pdf]
- D. De Smet and N. Mayer, "Integration of IT Governance and Security Risk Management: a Systematic Literature Review", 11th International Conference on Information Society (i-Society-2016), Dublin, Ireland, October 2016. [pdf]
- Y. Naudet, N. Mayer and C. Feltus, "Towards a Systemic Approach for Information Security Risk Management", 11th International Conference on Availability, Reliability and Security (ARES'16), Salzburg, Austria, August 2016. [pdf]
- Y. Le Bray, N. Mayer, and J. Aubert, "Defining Measurements for Analyzing Information Security Risk Reports in the Telecommunications Sector", 31st Annual ACM Symposium on Applied Computing (SAC'16), Pisa, Italy, April 2016. [pdf]
- N. Mayer, B. Barafort, M. Picard and S. Cortina, "An ISO Compliant and Integrated Model for IT GRC (Governance, Risk Management and Compliance)", 22nd European & Asian System, Software & Service Process Improvement & Innovation (EuroAsiaSPI'15), Ankara, Turkey, September 2015. [pdf]
- N. Mayer, E. Grandry, C. Feltus and E. Goettelmann, "Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures", 5th International Workshop on Information Systems Security Engineering (WISSE'15), in conjunction with the 27th International Conference on Advanced Information Systems Engineering (CAiSE'15), Stockholm, Sweden, June 2015. [pdf]
- S. Cortina, N. Mayer, A. Renault and B. Barafort, "Towards a Process Assessment Model for Management System Standards", 14th International SPICE Conference on Process Improvement and Capability dEtermination in Software, Systems Engineering and Service Management (SPICE'14), Vilnius, Lithuania, November 2014. [pdf]
- N. Mayer and J. Aubert, "Sector-Specific Tool for Information Security Risk Management in the Context of Telecommunications Regulation", 7th International Conference on Security of Information and Networks (SINCONF'14), Glasgow, United Kingdom, September 2014. [pdf]
- E. Goettelmann, N. Mayer and C. Godart, "Integrating Security Risk Management into Business Process Management for the Cloud", 16th IEEE Conference on Business Informatics (CBI'14), Geneva, Switzerland, July 2014. [pdf]
- E. Goettelmann, N. Mayer, and C. Godart, "A General Approach for a Trusted Deployment of a Business Process in Clouds", International Conference on Management of Emergent Digital EcoSystems (MEDES'13), Luxembourg, Luxembourg, October 2013. [pdf]
- S. Sousa, D. Marosin, K. Gaaloul, and N. Mayer, "Assessing Risks and Opportunities in Enterprise Architecture using an extended ADT Approach", 17th IEEE International EDOC Conference (EDOC 2013) "The Enterprise Computing Conference", Vancouver, BC, Canada, September 2013. [pdf]
- N. Mayer, J. Aubert, H. Cholez, and E. Grandry, "Sector-Based Improvement of the Information Security Risk Management Process in the Context of Telecommunications Regulation", 20th European System, Software & Service Process Improvement & Innovation Conference (EUROSPI'13), Dundalk, Ireland, June 2013. [pdf]
- O. Mangin, N. Mayer, B. Barafort, P. Heymans, and E. Dubois, "An improvement of Process Reference Model design and validation using Business Process Management", 13th International SPICE Conference (SPICE'13), Bremen, Germany, June 2013. [pdf]
- H. Cholez, N. Mayer, and T. Latour, "Information Security Risk Management in Computer-Assisted Assessment Systems: First step in Addressing Contextual Diversity", 2010 International Computer Assisted Assessment Conference (CAA'10), Southampton, England, July 2010. [pdf]
- N. Mayer, "A Cluster Approach to Security Improvement according to ISO/IEC 27001", 17th European Systems & Software Process Improvement and Innovation Conference (EUROSPI'10), Grenoble, France, September 2010. [pdf]
- T. Valdevit and N. Mayer, "A Gap Analysis Tool For SMEs Targeting ISO/IEC 27001 Compliance", 12th International Conference on Enterprise Information Systems (ICEIS'10), Funchal (Madeira Island), Portugal, June 2010. [pdf]
- T. Valdevit, N. Mayer, and B. Barafort, "Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings", 16th European Systems & Software Process Improvement and Innovation Conference (EUROSPI'09), Alcala, Spain, September 2009. [pdf]
- B. Alcalde, E. Dubois, S. Mauw, N. Mayer, and S. Radomirovic, "Towards a Decision Model Based on Trust and Security Risk Management", 7th Australasian conference on Information security (AISC'09), Wellington, New Zealand, January 2009. [pdf]
- N. Mayer, E. Dubois, R. Matulevicius, and P. Heymans, "Towards a Measurement Framework for Security Risk Management", Modeling Security Workshop (MODSEC'08), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS'08), Toulouse, France, September 2008. [pdf] [url]
- R. Matulevicius, N. Mayer, H. Mouratidis, E. Dubois, P. Heymans, and N. Genon, "Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development", 20th International Conference on Advanced Information Systems Engineering (CAiSE'08), Montpellier, France, June 2008. [pdf]
- R. Matulevicius, N. Mayer, and P. Heymans, "Alignment of Misuse Cases with Security Risk Management", Symposium on Requirements Engineering for Information Security (SREIS'08), in conjunction with the 3rd International Conference on Availability, Security and Reliability (ARES'08), Barcelona, Spain, March 2008. [pdf]
- N. Mayer, P. Heymans, and R. Matulevicius, "Design of a Modelling Language for Information System Security Risk Management", 1st International Conference on Research Challenges in Information Science (RCIS'07), Ouarzazate, Morocco, April 2007. [pdf]
- N. Mayer, E. Dubois, and A. Rifaut, "Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods", 3rd International Conference Interoperability for Enterprise Software and Applications (I-ESA'07), Funchal (Madeira Island), Portugal, March 2007. [pdf]
- N. Mayer, "Managing Security IT Risk: a Goal-Based Requirements Engineering Approach", RE'05 Doctoral Consortium, in conjunction with the 13th IEEE International Requirements Engineering Conference, Paris, France, August 2005. [pdf]
- N. Mayer, A. Rifaut, and E. Dubois, "Towards a Risk-Based Security Requirements Engineering Framework", 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'05), in conjunction with the 17th Conference on Advanced Information Systems Engineering (CAiSE'05), Porto, Portugal, June 2005. [pdf]
Periodical publications
- N. Mayer, "Une approche collaborative pour se conformer à la réglementation", Paperjam, January 2019. [pdf]
- N. Mayer, J. Aubert, H. Cholez, E. Grandry, and E. Dubois, "The TISRIM-Telco Toolset - An IT Regulatory Framework to Support Security Compliance in the Telecommunications Sector", ERCIM News 2016(107), October 2016. [pdf]
- N. Mayer, "Etat des lieux de la normalisation internationale dans le domaine du Cloud", IT Nation, September 2011. [pdf]
- N. Mayer, "Normalisation des Technologies de l'Information et de la Communication (TIC) - Le Luxembourg accentue sa participation à l'international", Merkur, March 2011. [pdf]
- N. Mayer, "La normalisation des TIC à Luxembourg", IT Nation, March 2011. [pdf]
- S. Pineau and N. Mayer, "Une grappe d'entreprises pour relever le défi de la sécurité de l'information", AGEFI 01/231, January 2010. [pdf]
- N. Mayer, "Les PME et la certification ISO/IEC 27001", Entreprises magazine, November-December 2009. [pdf]
- N. Mayer and S. Pineau, "Codasystem first to obtain ISO/IEC 27001", Business Review, December 2008. [pdf]
- S. Pineau and N. Mayer, "Une première entreprise privée certifiée ISO/IEC 27001 au Luxembourg", AGEFI 09/217, October 2008. [pdf]
- N. Mayer, "Points clés d'une démarche d'implémentation d'un Système de Management de la Sécurité de l'Information selon la norme ISO/IEC 27001", Soluxions, February 2008. [pdf] [jpg]
- N. Mayer, "La modélisation en support à la certification ISO/IEC 27001 : Un pas de plus vers la confiance", AGEFI 01/209, January 2008. [pdf]
- G. Billois, N. Mayer, and J-P. Humbert, "ISO 2700x : une famille de normes pour la gouvernance sécurité", MISC 30, March-April 2007. [pdf]
- N. Mayer and J-P. Humbert, "Sécurité et normalisation : l'émergence de la certification ISO/IEC 27001", AGEFI 01/198, January 2007. [jpg]
- N. Mayer and J-P. Humbert, "La méthode EBIOS : présentation et perspective d'utilisation pour la certification ISO 27001", MISC 27, September-October 2006. [pdf] [pdf]
- F. Herrmann, J.P. Humbert, D. Khadraoui, Y. Lanuel, N. Mayer, and E. Wies, "Gestion de la sécurité : les défis", MAG.SECURS 12, June-July-August 2006.
- N. Mayer and J-P. Humbert, "La gestion des risques de sécurité des systèmes d'informations", MISC 24, March-April 2006. [pdf]
PhD thesis
- N. Mayer, "Model-based Management of Information System Security Risk", Presses universitaires de Namur, April 2009. ISBN: 978-2870376409. [url]
Miscellaneous
- Leader in: Club EBIOS, La gestion des risques - Analyse des pratiques dans différents secteurs, November 2008. [pdf]
- Contribution in: EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) - Best practices, Mise en place d'un système de gestion de la sécurité des systèmes d'information à l'aide de la méthode EBIOS, November 2005.