Blar i SINTEF Open på forfatter "Tøndel, Inger Anne"
-
Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer
Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ... -
Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research
Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ... -
Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research
Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ... -
Learning From Software Security Testing
Tøndel, Inger Anne; Jaatun, Martin Gilje; Jensen, Jostein (Chapter, 2008)Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present ... -
Learning Privacy Preferences
Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Chapter, 2011)This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected ... -
Modenhetskartlegging av programvaresikkerhet i offentlige virksomheter
Jaatun, Martin Gilje; Tøndel, Inger Anne; Cruzes, Daniela Soares (Research report, 2015)Difi ønsker å få en kartlegging av modenhet knyttet til informasjonssikkerhet i utvikling og anskaffelser av IKT-løsninger i offentlig sektor. Denne rapporten beskriver resultatene fra en spørreundersøkelse knyttet til i ... -
Needs and Challenges Concerning Cyber-Risk Assessment in the Cyber-Physical Smart Grid
Erdogan, Gencer; Tøndel, Inger Anne; Tokas, Shukun; Garau, Michele; Jaatun, Martin Gilje (Chapter, 2022)Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry ... -
Personal Health Information on Display: Balancing Needs, Usability and Legislative Requirements
Gjære, Erlend Andreas; Tøndel, Inger Anne; Line, Maria Bartnes; Andresen, Herbjørn; Toussaint, Pieter Jelle (Journal article; Peer reviewed, 2011)Large wall-mounted screens placed at locations where health personnel pass by will assist in self-coordination and improve utilisation of both resources and staff at hospitals. The sensitivity level of the information ... -
Playing Protection Poker for Practical Software Security
Jaatun, Martin Gilje; Tøndel, Inger Anne (Journal article, 2016)Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe ... -
SecureScale: Exploring Synergies between Security and Scalability in Software Development and Operation
Tøndel, Inger Anne; Brataas, Gunnar (Chapter, 2022)Security and scalability are core software qualities, which as non-functional aspects share certain characteristics and challenges in how they are approached during software development and operation. Based on expert ... -
Security Incident Information Exchange for Cloud Service Provisioning Chains
Frøystad, Christian; Tøndel, Inger Anne; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2018)Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about ... -
Security Requirements for MANETs Used in Emergency and Rescue Operations
Tøndel, Inger Anne; JAATUN, Martin Gilje; Nyre, Åsmund Ahlmann (Chapter, 2011)Ad hoc networks for first responders in emergency situations have some unique characteristics that differ from general ad hoc networks, since it is desirable to restrict who can participate in the network without relying ... -
Security requirements for the rest of us: A survey
Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon (Journal article; Peer reviewed, 2008) -
Security Threats in Demo Steinkjer. Report from the Telenor-SINTEF collaboration project on Smart Grids
Tøndel, Inger Anne; Jaatun, Martin Gilje; Bartnes, Maria (Research report, 2012)This report describes security threats associated with the deployment of an Advanced Metering Infrastructure (AMI) in the Demo Steinkjer demonstration project. The description is based on the first phase of the actual smart ... -
Tool-assisted Threat Modeling for Smart Grid Cyber Security
Flå, Lars; Borgaonkar, Ravishankar Bhaskarrao; Tøndel, Inger Anne; Jaatun, Martin GIlje (Chapter; Peer reviewed, 2021)Threat modeling is about identifying architectural flaws and weaknesses in a system in order to mitigate them and avoid unwanted incidents caused by an attacker. Tool assisted threat modeling has seen limited use in complex ... -
Towards a Similarity Metric for Comparing Machine-Readable Privacy Policies
Tøndel, Inger Anne; Nyre, Åsmund Ahlmann (Journal article; Peer reviewed, 2012)Current approaches to privacy policy comparison use strict evaluation criteria (e.g. user preferences) and are unable to state how close a given policy is to fulfil these criteria. More flexible approaches for policy ... -
Understanding challenges to adoption of the Microsoft Elevation of Privilege game
Tøndel, Inger Anne; Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform ... -
Understanding Challenges to Adoption of the Protection Poker Software Security Game
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Oyetoyan, Tosin Daniel (Lecture Notes in Computer Science (LNCS);, Chapter; Peer reviewed, 2019)Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited ... -
Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research
Tøndel, Inger Anne; Meland, Per Håkon; Omerovic, Aida; Gjære, Erlend Andreas; Solhaug, Bjørnar (Research report, 2015)Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of ... -
What Could Possibly Go Wrong? Smart Grid Misuse Case Scenarios
Tøndel, Inger Anne; Borgaonkar, Ravishankar Bhaskarrao; Jaatun, Martin Gilje; Frøystad, Christian (Chapter, 2020)The modernisation of the power grid is ongoing, and the level of digitalisation of the power grid in, say, ten years may be quite different than today. Cyber security needs will change correspondingly. In this paper we ...