Browsing SINTEF Open by Author "Erdogan, Gencer"
Now showing items 1-20 of 23
A Feasibility Study of a Method for Identification and Modelling of Cybersecurity Risks in the Context of Smart Power Grid
Omerovic, Aida; Vefsnmo, Hanne; Erdogan, Gencer; Gjerde, Oddbjørn; Gramme, Eivind; Simonsen, Stig (COMPLEXIS 2019 - Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk;2019, Chapter; Peer reviewed, 2019) Power grids are undergoing a digital transformation and are therefore becoming increasingly complex. As a result of this they are also becoming vulnerable in new ways. With this development come also numerous risks. Cybersecurity ...
A Method for Developing Algorithms for Assessing Cyber-Risk Cost
Erdogan, Gencer; Refsdal, Atle; Seehusen, Fredrik; Gonzalez, Alejandra (Chapter, 2017) We present a method for developing executable algorithms for quantitative cyber-risk assessment. Exploiting techniques from security risk modeling and actuarial approaches, the method pragmatically combines use of available ...
A Method for Developing Qualitative Security Risk Assessment Algorithms
Erdogan, Gencer; Refsdal, Atle (Journal article; Peer reviewed, 2018) We present a method for developing qualitative security risk assessment algorithms where the input captures the dynamic state of the target of analysis. This facilitates continuous monitoring. The intended users of the ...
A Systematic Method for Risk-driven Test Case Design Using Annotated Sequence Diagrams
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport;, Research report, 2014) Risk-driven testing is a testing approach that aims at focusing the testing on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying ...
A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (Chapter, 2014) Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in ...
Adapting Cyber-Risk Assessment for the Planning of Cyber-Physical Smart Grids Based on Industrial Needs
Erdogan, Gencer; Sperstad, Iver Bakken; Garau, Michele; Gjerde, Oddbjørn; Tøndel, Inger Anne; Tokas, Shukun; Jaatun, Martin Gilje (Communications in Computer and Information Science;1859, Chapter; Peer reviewed, 2023) Adapting Cyber-Risk Assessment for the Planning of Cyber-Physical Smart Grids Based on Industrial Needs
An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams
Volden-Freberg, Vetle; Erdogan, Gencer (Journal article; Peer reviewed, 2019) We report on an empirical study in which we evaluate the comprehensibility of graphical versus textual risk annotations in threat models based on sequence diagrams. The experiment was carried out on two separate groups ...
An Evaluation of a Test-driven Security Risk Analysis Method Based on an Industrial Case Study
Erdogan, Gencer; Seehusen, Fredrik; Li, Yan (SINTEF Rapport;, Research report, 2013) This report is an evaluation describing the experiences obtained from a case study, carried out in a period of eight months from June 2012 to January 2013, in which we conducted a test-driven security risk analysis. ...
Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study
Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind (SINTEF Rapport;, Research report, 2014) We present the results of an evaluation in which the objective was to assess how useful testing is for validating and gaining confidence in the correctness of security risk models. The evaluation is based on a case study ...
Conceptual Framework for the DIAMONDS Project
Erdogan, Gencer; Li, Yan; Runde, Ragnhild Kobro; Seehusen, Fredrik; Stølen, Ketil (SINTEF Rapport;, Research report, 2012) DIAMONDS is a research project addressing the combination of security testing and risk analysis. The main objective is to develop guidelines and a supporting framework to help businesses find a balanced approach within the ...
Cybersecurity Awareness and Capacities of SMEs
Erdogan, Gencer; Halvorsrud, Ragnhild; Boletsis, Costas; Tverdal, Simeon; Pickering, J. Brian (Peer reviewed; Journal article, 2023) Small and Medium Enterprises (SMEs) are increasingly exposed to cyber risks. Some of the main reasons include budget constraints, the employees’ lack of cybersecurity awareness, cross-sectoral cyber risks, lack of security ...
Design decisions in the development of a graphical language for risk-driven security testing
Erdogan, Gencer; Stølen, Ketil (Journal article; Peer reviewed, 2017) We have developed a domain-specific modeling language named CORAL that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper, we present CORAL and ...
Developing Cyber-risk Centric Courses and Training Material for Cyber Ranges: A Systematic Approach
Erdogan, Gencer; Romero, Antonio; Zazzeri, Niccolò; Žitnik, Anže; Basile, Mariano; Aprile, Giorgio; Osorio, Mafalda; Pani, Claudia; Kechaoglou, Ioannis (Chapter; Peer reviewed, 2021) The use of cyber ranges to train and develop cybersecurity skills and awareness is attracting more attention, both in public and private organizations. However, cyber ranges typically focus mainly on hands-on exercises and ...
Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach
Černivec, Aleš; Erdogan, Gencer; Gonzalez, Alejandra; Refsdal, Atle; Romero, Antonio Alvarez (Journal article; Peer reviewed, 2018) We present a method for developing machine-readable cyber-risk assessment algorithms based on graphical risk models, along with a framework that can automatically collect the input, execute the algorithms, and present the ...
Experiences from Developing an Algorithm to Support Risk-Based Decisions for Offshore Installations
Erdogan, Gencer; Refsdal, Atle; Nygård, Bjørn; Randeberg, Bernt Kvam; Rosland, Ole Petter (Chapter, 2017) We present our experiences from developing a decision model to support risk-based decisions on offshore installations. The model was developed using the DEXi tool for multi-criteria decision modeling. We report on the ...
Needs and Challenges Concerning Cyber-Risk Assessment in the Cyber-Physical Smart Grid
Erdogan, Gencer; Tøndel, Inger Anne; Tokas, Shukun; Garau, Michele; Jaatun, Martin Gilje (Chapter, 2022) Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry ...
Needs and challenges concerning privacy risk management within Intelligent Transport Systems
Erdogan, Gencer; Omerovic, Aida; Natvig, Marit Kjøsnes; Tardy, Isabelle (SINTEF Rapport;, Research report, 2016) There are many privacy concerns within Intelligent Transport Systems (ITS). On the one hand, end-users are concerned about their privacy-risk exposure when using ITS, while on the other hand, ITS providers need to claim ...
Risk-Based Decision Support Model for Offshore Installations
Erdogan, Gencer; Refsdal, Atle; Nygård, Bjørn; Rosland, Ole Petter; Randeberg, Bernt Kvam (Journal article; Peer reviewed, 2018) Background: During major maintenance projects on offshore installations, flotels are often used to accommodate the personnel. A gangway connects the flotel to the installation. If the offshore conditions are unfavorable, ...
Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (Chapter, 2014) To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ...
Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport;, Research report, 2014) To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ...