Fenz, S., & Ekelhart, A. (2011). Verification, Validation, and Evaluation in Information Security Risk Management. IEEE Security and Privacy, 9(2), 58–65. https://doi.org/10.1109/msp.2010.117 ( reposiTUm)

Ekelhart, A., Fenz, S., Goluch, G., Steinkellner, M., & Weippl, E. (2008). XML Security - A Comparative Literature Review. Journal of Systems and Software, 81(10), 1715–1724. https://doi.org/10.1016/j.jss.2007.12.763 ( reposiTUm)

Fenz, S. (2011). An ontology- and Bayesian-based approach for determining threat probabilities. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS ’11. ACM Symposium on Information, Computer, and Communications Security (ASIACCS 2011), Hongkong, Non-EU. ACM. https://doi.org/10.1145/1966913.1966958 ( reposiTUm)

Fenz, S. (2010). Ontology-based generation of IT-security metrics. In Proceedings of the 2010 ACM Symposium on Applied Computing - SAC ’10. 25th ACM Symposium on Applied Computing (SAC 2010), Sierre, Switzerland, Non-EU. ACM. https://doi.org/10.1145/1774088.1774478 ( reposiTUm)

Fenz, S. (2010). From the Resource to the Business Process Risk Level. In Proceedings of the South African Information Security Multi-Conference (SAISMC’2010) (pp. 100–109). http://hdl.handle.net/20.500.12708/53131 ( reposiTUm)

Neubauer, T., Ekelhart, A., & Fenz, S. (2009). AURUM: A Framework for Information Security Risk Management. In Proceedings of the 42th Hawaii International Conference on System Sciences (HICSS’09) (pp. 1–10). http://hdl.handle.net/20.500.12708/52370 ( reposiTUm)

Fenz, S., & Neubauer, T. (2009). How to determine threat probabilities using ontologies and Bayesian networks. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies - CSIIRW ’09. 5th Annual Workshop on Cyber Security and Information Intelligence Research, Knoxville, TN, Non-EU. ACM New York. https://doi.org/10.1145/1558607.1558686 ( reposiTUm)

Fenz, S., Ekelhart, A., & Neubauer, T. (2009). Business Process-Based Resource Importance Determination. In Business Process Management (pp. 113–127). Springer. https://doi.org/10.1007/978-3-642-03848-8_9 ( reposiTUm)

Ekelhart, A., Fenz, S., & Neubauer, T. (2009). Ontologiebasiertes IT Risikomanagement. In D.A.CH Security 2009 (pp. 14–24). Heise Zeitschriften Verlag GmbH & Co. KG. http://hdl.handle.net/20.500.12708/53162 ( reposiTUm)

Fenz, S., Tjoa, A. M., & Hudec, M. (2009). Ontology-based generation of Bayesian networks. In Proceedings of the Third International Conference on Complex, Intelligent and Software Intensive Systems - International Workshop on Ontology Alignment and Visualization - OnAV’09 (pp. 712–717). http://hdl.handle.net/20.500.12708/52599 ( reposiTUm)

Fenz, S., & Ekelhart, A. (2009). Formalizing information security knowledge. In Proceedings of the 2009 ACM symposium on Information, computer and communications security (pp. 183–194). http://hdl.handle.net/20.500.12708/52594 ( reposiTUm)

Fenz, S., Ekelhart, A., & Neubauer, T. (2009). Ontology-based Decision Support for Information Security Risk Management. In Proceedings of the 4th International Conference on Systems (pp. 80–85). http://hdl.handle.net/20.500.12708/52623 ( reposiTUm)

Fenz, S., Pruckner, T., & Manutscheri, A. (2009). Ontological Mapping of Information Security Best-Practice Guidelines. In Proceedings of the 12th International Conference on Business Information Systems (pp. 49–60). http://hdl.handle.net/20.500.12708/52659 ( reposiTUm)

Ekelhart, A., Fenz, S., & Neubauer, T. (2009). Automated Risk and Utility Management. In Proceedings of the Sixth International Conference on Information Technology: New Generations (pp. 393–398). IEEE Computer Society. http://hdl.handle.net/20.500.12708/52658 ( reposiTUm)

Neubauer, T., Ekelhart, A., & Fenz, S. (2008). Interactive Selection of ISO 27001 Controls under Multiple Objectives. In Proceedings of The Ifip Tc 11 23rd International Information Security Conference (pp. 477–492). Springer-Verlag GmbH. https://doi.org/10.1007/978-0-387-09699-5_31 ( reposiTUm)

Ekelhart, A., Weippl, E., & Fenz, S. (2008). Semantic Potential of existing Security Advisory Standards. In Inproceedings of the FIRST 2008. The Forum of Incident Response and Security Teams (FIRST), Vancouver, Non-EU. http://hdl.handle.net/20.500.12708/52160 ( reposiTUm)

Fenz, S., & Tjoa, A. M. (2008). Ontology- and Bayesian-based Threat Probability Determination. In Proceedings of the Junior Scientist Conference 2008 (pp. 69–70). http://hdl.handle.net/20.500.12708/52597 ( reposiTUm)

Weippl, E., Fenz, S., & Ekelhart, A. (2008). Fortification of IT Security by Automatic Security Advisory Processing. In 22nd International Conference on Advanced Information Networking and Applications (aina 2008). 22nd International Conference on Advanced Information Networking and Applications AINA 2008, Okinawa, Japan, Non-EU. IEEE Computer Society. https://doi.org/10.1109/aina.2008.69 ( reposiTUm)

Goluch, G., Ekelhart, A., Fenz, S., Jakoubi, S., & Mück, T. (2008). Integration of an Ontological Information Security Concept in Risk Aware  Business Process Management. In Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008). 41th Hawaii International Conference on System Sciences (HICSS’08), Hawaii, Non-EU. IEEE Computer Society. https://doi.org/10.1109/hicss.2008.211 ( reposiTUm)

Fenz, S., Ekelhart, A., Klemen, M., & Weippl, E. (2007). Security Ontologies: Improving Quantitative Risk Analysis. In HICSS 2007 (pp. 156–162). http://hdl.handle.net/20.500.12708/51565 ( reposiTUm)

Abramowicz, W., Ekelhart, A., Fenz, S., Kaczmarek, M., Tjoa, A. M., Weippl, E., & Zyskowski, D. (2007). Security Aspects In Semantic Web Services Filtering. In Proceedings of The 9th International Conference on Information Integration and Web-based Applications and Services (iiWAS2007) (pp. 21–31). http://hdl.handle.net/20.500.12708/51916 ( reposiTUm)

Fenz, S., Goluch, G., Ekelhar, A., Riedl, B., & Weippl, E. (2007). Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard. In 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007). 13th Pacific Rim International Symposium on Dependable Computing (PRDC 07), Melbourne, Australia, Non-EU. Springer. https://doi.org/10.1109/prdc.2007.29 ( reposiTUm)

Weippl, E., Fenz, S., & Ekelhart, A. (2007). Security Ontologies: How to Improve Understanding of Complex Relationships. In Ed Media 2007 (pp. 404–407). http://hdl.handle.net/20.500.12708/51804 ( reposiTUm)

Ekelhart, A., Fenz, S., Tjoa, A. M., & Weippl, E. R. (2007). Security Issues for the Use of Semantic Web in E-Commerce. In Business Information Systems (pp. 1–13). Springer. https://doi.org/10.1007/978-3-540-72035-5_1 ( reposiTUm)

Klemen, M., Weippl, E., Ekelhart, A., & Fenz, S. (2006). Security Ontology: Simulating Threats to Corporate Assets. In Proceedings of the 2nd International Conference on Information Systems Security(ICISS 2006) (pp. 249–259). Springer. http://hdl.handle.net/20.500.12708/51423 ( reposiTUm)

Weippl, E., & Fenz, S. (2006). Ontology-based IT-Security planning. In Proceedings of the 2006 IEEE International Symposium Pacific Rim Dependable Computing (PRDC’06) (pp. 389–390). http://hdl.handle.net/20.500.12708/51421 ( reposiTUm)

Tjoa, A. M., Weippl, E., Klemen, M., Ekelhart, A., & Fenz, S. (2006). Ontology-Based Business Knowledge for Simulating Threats to Corporate Assets. In Proceedings of the 6th International Conference on Practical Aspects of Knowledge Management (pp. 37–48). Springer. http://hdl.handle.net/20.500.12708/176626 ( reposiTUm)

Fenz, S. (2011). E-Business and Information Security Risk Management. In E. Kajan (Ed.), Electronic Business Interoperability (pp. 596–614). IGI Global. https://doi.org/10.4018/978-1-60960-485-1.ch024 ( reposiTUm)