Nicolas Mayer (Ph.D.)
Project Officer - IT Standardization
Publications
Book Chapters
- E. Dubois, P. Heymans, N. Mayer and R. Matulevicius, "A Systematic Approach to Define the Domain of Information System Security Risk Management", Book Chapter in: S. Nurcan et al. (eds.), "Intentional Perspectives on Information Systems Engineering", Springer-Verlag, 2010. ISBN: 978-3-642-12543-0. [book] [pdf]
- E. Dubois, N. Mayer and A. Rifaut, "Improving Risk-based Security Analysis with i*", Book Chapter in: P. Giorgini, N. Maiden, J. Mylopoulos, E. Yu (eds.), "Social Modeling for Requirements Engineering", MIT Press, 2011. ISBN: 978-0-262-24055-0. [book] [pdf]
- E. Dubois, N. Mayer, A. Rifaut, and V. Rosener, "Contributions méthodologiques pour l’amélioration de l’analyse des risques", Book Chapter in: T. Ebrahimi, F. Leprévost, B. Warusfel (eds.), "Enjeux de la sécurité multimédia", Traité IC2 - Information, Commande, Communication, Hermès - Lavoisier, 2006. ISBN: 978-2-7462-1207-7. [book]

Journal papers
- N. Mayer, E. Dubois, P. Heymans, and R. Matulevicius, "Défis de la sécurité de l'information. Support à la gestion des risques de sécurité par les modèles", in: C. Rolland, O. Pastor, J.-L. Cavarero (eds.), "Nouveaux challenges dans les systèmes d'information", Ingénierie des Systèmes d'Information (Networking and Information Systems), Volume 13/1, March 2008. [pdf]
Conference and workshop proceedings
- H. Cholez, N. Mayer and T. Latour, "Information Security Risk Management in Computer-Assisted Assessment Systems: First step in Addressing Contextual Diversity", 2010 International Computer Assisted Assessment Conference (CAA'10), Southampton, England, July 2010. [pdf]
- N. Mayer, "A Cluster Approach to Security Improvement according to ISO/IEC 27001", 17th European Systems & Software Process Improvement and Innovation Conference (EUROSPI'10), Grenoble, France, September 2010. [pdf]
- T. Valdevit and N. Mayer, "A Gap Analysis Tool For SMEs Targeting ISO/IEC 27001 Compliance", 12th International Conference on Enterprise Information Systems (ICEIS'10), Funchal (Madeira Island), Portugal, June 2010. [pdf]
- T. Valdevit, N. Mayer and B. Barafort, "Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings", 16th European Systems & Software Process Improvement and Innovation Conference (EUROSPI'09), Alcala, Spain, September 2009. [pdf]
- B. Alcalde, E. Dubois, S. Mauw, N. Mayer and S. Radomirovic, "Towards a Decision Model Based on Trust and Security Risk Management", 7th Australasian Conference on Information Security (AISC'09), Wellington, New Zealand, January 2009. [pdf]
- N. Mayer, E. Dubois, R. Matulevicius and P. Heymans, "Towards a Measurement Framework for Security Risk Management", Modeling Security Workshop (MODSEC'08), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS'08), Toulouse, France, September 2008. [pdf] [url]
- R. Matulevicius, N. Mayer, H. Mouratidis, E. Dubois, P. Heymans, and N. Genon, "Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development", 20th International Conference on Advanced Information Systems Engineering (CAiSE'08), Montpellier, France, June 2008. [pdf]
- R. Matulevicius, N. Mayer and P. Heymans, "Alignment of Misuse Cases with Security Risk Management", Symposium on Requirements Engineering for Information Security (SREIS'08), in conjunction with the 3rd International Conference on Availability, Security and Reliability (ARES'08), Barcelona, Spain, March 2008. [pdf]
- N. Mayer, P. Heymans, and R. Matulevicius, "Design of a Modelling Language for Information System Security Risk Management", 1st International Conference on Research Challenges in Information Science (RCIS'07), Ouarzazate, Morocco, April 2007. [pdf]
- N. Mayer, E. Dubois, and A. Rifaut, "Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods", 3rd International Conference Interoperability for Enterprise Software and Applications (I-ESA'07), Funchal (Madeira Island), Portugal, March 2007. [pdf]
- N. Mayer, "Managing Security IT Risk: a Goal-Based Requirements Engineering Approach", RE'05 Doctoral Consortium, in conjunction with the 13th IEEE International Requirements Engineering Conference, Paris, France, August 2005. [pdf]
- N. Mayer, A. Rifaut, and E. Dubois, "Towards a Risk-Based Security Requirements Engineering Framework", 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'05), in conjunction with the 17th Conference on Advanced Information Systems Engineering (CAiSE'05), Porto, Portugal, June 2005. [pdf]
Periodical publications
- N. Mayer, "Etat des lieux de la normalisation internationale dans le domaine du Cloud", IT Nation, September 2011. [pdf]
- N. Mayer, "Normalisation des Technologies de l'Information et de la Communication (TIC) - Le Luxembourg accentue sa participation à l'international", Merkur, March 2011. [pdf]
- N. Mayer, "La normalisation des TIC à Luxembourg", IT Nation, March 2011. [url] [pdf]
- S. Pineau, N. Mayer, "Une grappe d'entreprises pour relever le défi de la sécurité de l'information", AGEFI 01/231, January 2010. [url] [pdf]
- N. Mayer, "Les PME et la certification ISO/IEC 27001", Entreprises magazine, November-December 2009. [url] [pdf]
- N. Mayer, S. Pineau, "Codasystem first to obtain ISO/IEC 27001", Business Review, December 2008. [url] [pdf]
- S. Pineau, N. Mayer, "Une première entreprise privée certifiée ISO/IEC 27001 au Luxembourg", AGEFI 09/217, October 2008. [url] [pdf]
- N. Mayer, "Points clés d'une démarche d'implémentation d'un Système de Management de la Sécurité de l'Information selon la norme ISO/IEC 27001", Soluxions, February 2008. [url] [pdf] [jpg]
- N. Mayer, "La modélisation en support à la certification ISO/IEC 27001 : Un pas de plus vers la confiance", AGEFI 01/209, January 2008. [url] [pdf]
- G. Billois, N. Mayer, and J-P. Humbert, "ISO 2700x : une famille de normes pour la gouvernance sécurité", MISC 30, March-April 2007. [url] [pdf] [pdf]
- N. Mayer and J-P. Humbert, "Sécurité et normalisation : l'émergence de la certification ISO/IEC 27001", AGEFI 01/198, January 2007. [url] [jpg]
- N. Mayer and J-P. Humbert, "La méthode EBIOS : présentation et perspective d'utilisation pour la certification ISO 27001", MISC 27, September-October 2006. [url] [pdf] [pdf]
- F. Herrmann, J.P. Humbert, D. Khadraoui, Y. Lanuel, N. Mayer, E. Wies, "Gestion de la sécurité : les défis", MAG.SECURS 12, June-July-August 2006. [url]
- N. Mayer and J-P. Humbert, "La gestion des risques de sécurité des systèmes d'informations", MISC 24, March-April 2006. [url] [pdf] [pdf]
PhD thesis
- N. Mayer, "Model-based Management of Information System Security Risk", University of Namur, April 2009. [pdf]
Miscellaneous
- Leader in: Club EBIOS, La gestion des risques - Analyse des pratiques dans différents secteurs, November 2008. [pdf]
- Contribution in: EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) - Best practices, Mise en place d'un système de gestion de la sécurité des systèmes d'information à l'aide de la méthode EBIOS, November 2005. [url]