    • Leverandørkjedesikkerhet - Relevante krav for nettselskapers innkjøpsprosesser 

      Jaatun, Martin Gilje; Sæle, Hanne (SINTEF Rapport;2023:00121, Research report, 2023)
      This report presents results from a review of earlier NVE reports on the topic of supply chain security, supplemented by a literature search of recent academic literature and discussions with a small selection of ...
    • A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams 

      Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Peer reviewed; Journal article, 2017)
      Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the ...
    • A method for threat modelling of industrial control systems 

      Flå, Lars; Jaatun, Martin Gilje (Chapter, 2024)
      In this paper, we propose a new method for threat modelling of industrial control systems (ICS). The method is designed to be flexible and easy to use. Model elements inspired by IEC 62443 and Data Flow Diagrams (DFD) are ...
    • Modenhetskartlegging av programvaresikkerhet i offentlige virksomheter 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Cruzes, Daniela Soares (Research report, 2015)
      Difi wants a survey of maturity related to information security in the development and procurement of ICT solutions in the public sector. This report describes the results of a questionnaire survey related to ...
    • Modenhetsmodell for innebygd sikkerhet (BSIMM). Måling av programvaresikkerhetsaktiviteter i utviklingsorganisasjoner 

      Jaatun, Martin Gilje (Research report, 2016)
      This document contains Norwegian translations of the activities described in the Building Security In Maturity Model (BSIMM), lightly reworked from the blog http://infosec.sintef.no. The text is based on BSIMM-V, but the activity ...
    • Needs and Challenges Concerning Cyber-Risk Assessment in the Cyber-Physical Smart Grid 

      Erdogan, Gencer; Tøndel, Inger Anne; Tokas, Shukun; Garau, Michele; Jaatun, Martin Gilje (Chapter, 2022)
      Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry ...
    • Omarbeiding av veileder til sikkerhet for "Avanserte måle- og styringssystemer" - AMS - i avregningsforskriften 

      Sæle, Hanne; Istad, Maren Kristine; Jaatun, Martin Gilje (SINTEF Rapport, Research report, 2022)
    • Oppfølging av arbeidsseminar om IKT-sikkerhet i Integrerte Operasjoner 

      Jaatun, Martin Gilje; Johnsen, Stig Ole; Bartnes, Maria; Longva, Odd Helge (Research report, 2007)
      On 30 November 2006, on SINTEF's initiative, a workshop on ICT security in integrated operations was held at Oljedirektoratet (OD) and Petroleumstilsynet (Ptil) in Stavanger, where Oljeindustriens Landsforening also ...
    • OWASP Top 10 - Do Startups Care? 

      Søhoel, Halldis M; Jaatun, Martin Gilje; Boyd, Colin Alexander (Chapter, 2018)
      In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think “let’s get it to work first, and then we’ll worry about security later.” However, major ...
    • Playing Protection Poker for Practical Software Security 

      Jaatun, Martin Gilje; Tøndel, Inger Anne (Journal article, 2016)
      Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe ...
    • Putting the "Account" into Cloud Accountability 

      Jaatun, Martin Gilje; Pearson, Siani (Proceedings of the 9th International Conference on Cloud Computing and Services Science, Chapter; Peer reviewed, 2019)
      Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. ...
    • Reporting of incidents in automated systems during drilling operations 

      Ottermo, Maria Vatshaug; Wille, Egil; Bjørkevoll, Knut Steinar; Bodsberg, Lars; Evjemo, Tor Erik; Fjørtoft, Kay Endre; Jaatun, Martin Gilje; Myklebust, Thor; Okstad, Eivind (SINTEF rapporter;2023:00191 A, Research report, 2023-02-06)
      This work is a preliminary study of how incidents, near misses and deviations within automated systems are currently detected, registered and, if appropriate, reported to the Petroleum Safety Authority Norway (PSA), as ...
    • Risk in the Age of Software Security 

      Jaatun, Martin Gilje (Others, 2017)
    • Safety Critical Software and Security - How Low Can You Go? 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018)
      The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ...
    • Saving Nine Without Stitching in Time: Integrity Check After-the-fact 

      Gudmestad, Racin; Houmb, Siv Hilde; Jaatun, Martin Gilje (Chapter; Peer reviewed, 2021)
      Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously ...
    • Secure Remote Access to Autonomous Safety Systems: A Good Practice Approach 

      Jaatun, Martin Gilje; Line, Maria Bartnes; Grøtan, Tor Olav (Journal article; Peer reviewed, 2009)
      Safety instrumented systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil and natural gas installations. Partly as a consequence of the evolving 'integrated operations' ...
    • Secure Safety: Secure Remote Access to Critical Safety Systems in Offshore Installations 

      Jaatun, Martin Gilje; Grøtan, Tor Olav (Chapter, 2008)
      Safety Instrumented Systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil & natural gas installations. SIS typically include the Emergency Shutdown System (ESD) that ensures ...
    • Security and Independence of Process Safety and Control Systems in the Petroleum Industry 

      Onshus, Tor Engebret; Bodsberg, Lars; Hauge, Stein; Jaatun, Martin Gilje; Lundteigen, Mary Ann; Myklebust, Thor; Ottermo, Maria Vatshaug; Petersen, Stig; Wille, Egil (Peer reviewed; Journal article, 2022)
      The developments of reduced manning on offshore facilities and increased information transfer from offshore to land continue and may also be a prerequisite for the future survival of the oil and gas industry. A general ...
    • Security Checklists: A Compliance Alibi, or a Useful Tool for Water Network Operators? 

      Jaatun, Martin Gilje; Røstum, Jon; Petersen, Stig; Ugarelli, Rita Maria (Journal article; Peer reviewed, 2014)
      Checklist Compliance is a term that has been used derisively in the information security community, implying that checklists are something used for paying lip service to security without instigating real changes to technology ...
    • Security Incident Information Exchange for Cloud Service Provisioning Chains 

      Frøystad, Christian; Tøndel, Inger Anne; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2018)
      Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about ...