| # | Title | Journal | Year | Citations |
|---|
| 1 | Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey | Information Security Technical Report | 2009 | 242 |
| 2 | Spoofing and Anti-Spoofing Measures | Information Security Technical Report | 2002 | 227 |
| 3 | Human factors in information security: The insider threat – Who can you trust these days? | Information Security Technical Report | 2009 | 196 |
| 4 | Information Security management: A human challenge? | Information Security Technical Report | 2008 | 132 |
| 5 | Continuous keystroke dynamics: A different perspective towards biometric evaluation | Information Security Technical Report | 2012 | 127 |
| 6 | Assessing insider threats to information security using technical, behavioural and organisational measures | Information Security Technical Report | 2010 | 98 |
| 7 | Privacy-enhancing identity management | Information Security Technical Report | 2004 | 97 |
| 8 | Connectivity models of interdependency in mixed-type critical infrastructure networks | Information Security Technical Report | 2007 | 96 |
| 9 | Data mining and machine learning—Towards reducing false positives in intrusion detection | Information Security Technical Report | 2005 | 89 |
| 10 | Information security management standards: Compliance, governance and risk management | Information Security Technical Report | 2008 | 84 |
| 11 | RFID security | Information Security Technical Report | 2004 | 81 |
| 12 | The positive outcomes of information security awareness training in companies – A case study | Information Security Technical Report | 2009 | 71 |
| 13 | Attacking smart card systems: Theory and practice | Information Security Technical Report | 2009 | 70 |
| 14 | AEGIS: A single-chip secure processor | Information Security Technical Report | 2005 | 69 |
| 15 | Using IT governance and COBIT to deliver value with IT and respond to legal, regulatory and compliance challenges | Information Security Technical Report | 2006 | 69 |
| 16 | Dealing with software viruses: A biological paradigm | Information Security Technical Report | 2007 | 68 |
| 17 | Informational privacy, consent and the “control” of personal data | Information Security Technical Report | 2009 | 65 |
| 18 | Intrusion Detection Systems and Intrusion Prevention Systems | Information Security Technical Report | 2005 | 63 |
| 19 | Trust in the Cloud | Information Security Technical Report | 2011 | 62 |
| 20 | XML-based access control languages | Information Security Technical Report | 2004 | 60 |
| 21 | Elliptic curve cryptosystem — The answer to strong, fast public-key cryptography for securing constrained environments | Information Security Technical Report | 1997 | 54 |
| 22 | Defending against cache-based side-channel attacks | Information Security Technical Report | 2003 | 54 |
| 23 | A comparison between traditional public key infrastructures and identity-based cryptography | Information Security Technical Report | 2003 | 52 |
| 24 | Security in the Semantic Web using OWL | Information Security Technical Report | 2005 | 52 |
| 25 | National e-ID card schemes: A European overview | Information Security Technical Report | 2008 | 47 |
| 26 | Information Security Governance | Information Security Technical Report | 2001 | 46 |
| 27 | Adaptive real-time anomaly detection with incremental clustering | Information Security Technical Report | 2007 | 46 |
| 28 | Young people, disclosure of personal information and online privacy: Control, choice and consequences | Information Security Technical Report | 2009 | 44 |
| 29 | Recognizing people by their iris patterns | Information Security Technical Report | 1998 | 43 |
| 30 | Security-by-contract on the .NET platform | Information Security Technical Report | 2008 | 42 |
| 31 | Commentary : Cloud computing – A security problem or solution? | Information Security Technical Report | 2011 | 41 |
| 32 | Internet cloud security: The illusion of inclusion | Information Security Technical Report | 2011 | 38 |
| 33 | Sensing danger: Innate immunology for intrusion detection | Information Security Technical Report | 2007 | 37 |
| 34 | In a ‘trusting’ environment, everyone is responsible for information security | Information Security Technical Report | 2008 | 37 |
| 35 | What is a VPN? | Information Security Technical Report | 2001 | 36 |
| 36 | ISMS, security standards and security regulations | Information Security Technical Report | 2006 | 36 |
| 37 | Kynoid: Real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android | Information Security Technical Report | 2013 | 36 |
| 38 | New Advances in Automatic Gait Recognition | Information Security Technical Report | 2002 | 35 |
| 39 | Social networking and the risk to companies and institutions | Information Security Technical Report | 2010 | 35 |
| 40 | Cloud security technologies | Information Security Technical Report | 2009 | 34 |
| 41 | Introduction to XML Encryption and XML Signature | Information Security Technical Report | 2004 | 33 |
| 42 | Information security management: An entangled research challenge | Information Security Technical Report | 2009 | 33 |
| 43 | Multiapplication smart card: Towards an open smart card? | Information Security Technical Report | 2009 | 33 |
| 44 | Security for Workflow Systems | Information Security Technical Report | 2001 | 32 |
| 45 | Penetration testing and social engineering | Information Security Technical Report | 2003 | 32 |
| 46 | The role of Wireless Sensor Networks in the area of Critical Information Infrastructure Protection | Information Security Technical Report | 2007 | 32 |
| 47 | Cryptography from Pairings: A Snapshot of Current Research | Information Security Technical Report | 2002 | 31 |
| 48 | Securing Web applications | Information Security Technical Report | 2008 | 31 |
| 49 | An extensible analysable system model | Information Security Technical Report | 2008 | 31 |
| 50 | An overview of fingerprint verification technologies | Information Security Technical Report | 1998 | 30 |
