• A Framework for Incident Response Management in the Petroleum Industry 

      Jaatun, Martin Gilje (Journal article; Peer reviewed, 2009)
      Incident response is the process of responding to and handling security-related incidents involving information and communications technology (ICT) infrastructure and data. Incident response has traditionally been reactive ...
    • A Secure MANET Routing Protocol for Crisis Situations 

      Jaatun, Martin Gilje; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
    • A Study of Information Security Practice in a Critical Infrastructure Application 

      Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008)
      Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduces additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Agile Software Development: The Straight and Narrow Path to Secure Software? 

      Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
      In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ...
    • All in a day's work: Password cracking for the rest of us 

      Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009)
      The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ...
    • Challenges and approaches of performing canonical action research in software security: research paper 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Oyetoyan, Tosin Daniel (Chapter, 2018)
      When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problemsolving actions implemented ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements? 

      Duncan, Bob; Whittington, Mark; Jaatun, Martin Gilje; Reyes, Alfredo (Journal article; Peer reviewed, 2017)
      In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to ...
    • Cyber Security Considerations for Self-healing Smart Grid Networks 

      Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Per Erik, Nordbø (Chapter, 2018)
      Fault Location, Isolation and System Restoration (FLISR) mechanisms allow for rapid restoration of power to customers that are not directly implicated by distribution network failures. However, depending on where the logic ...
    • Cybersikkerhet i digitale transformatorstasjoner. Forprosjekt 

      Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Istad, Maren Kristine (SINTEF Rapport;, Research report, 2018)
      Dette notatet beskriver konseptet digital transformatorstasjon, og skisser relevante cyberrelaterte sårbarheter og mottiltak. For grunnleggende sikkerhetsnivå (basisnivå) anbefaler vi at det gjennomføres risikoanalyse med ...
    • Cybersikkerhet i digitale transformatorstasjoner. Forprosjekt 

      Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Istad, Maren Kristine (SINTEF Rapport;2018:00007, Report, 2018)
      Dette notatet beskriver konseptet digital transformatorstasjon, og skisser relevante cyberrelaterte sårbarheter og mottiltak. For grunnleggende sikkerhetsnivå (basisnivå) anbefaler vi at det gjennomføres risikoanalyse med ...
    • Deployment models: Towards eliminating security concerns from cloud computing 

      Zhao, Gansen; Rong, Chunming; Jaatun, Martin Gilje; Sandnes, Frode Eika (Chapter, 2010)
      Cloud computing has become a popular choice as an alternative to investing new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes ...
    • DevOps for Better Software Security in the Cloud 

      Jaatun, Martin Gilje; Cruzes, Daniela Soares; Luna, Jesus (Chapter, 2017)
      The DevOps paradigm means that development and operations for an organisation blend together. For security, this implies that information on detected attacks can be fed back to the development, enabling faster eradication ...
    • Evaluering av NVEs veileder til sikkerhet i AMS : NVE-Veileder nr. 7/2012 

      Sæle, Hanne; Bartnes, Maria; Høverstad, Boye Annfelt; Jaatun, Martin Gilje (SINTEF Energi. Rapport;TR A7619, Research report, 2017)
    • Evaluering av NVEs veileder til sikkerhet i AMS : NVE-Veileder nr. 7/2012 

      Sæle, Hanne; Bartnes, Maria; Høverstad, Boye Annfelt; Jaatun, Martin Gilje (SINTEF Energi. Rapport;, Research report, 2017)
    • Fleksibel nettdrift : resultater fra piloter i FlexNett-prosjektet 

      Istad, Maren Kristine; Sæle, Hanne; Garnås, Synne; Jaatun, Martin Gilje (SINTEF Rapport;, Research report, 2018)
    • Fleksibel nettdrift : resultater fra piloter i FlexNett-prosjektet 

      Istad, Maren Kristine; Sæle, Hanne; Jaatun, Martin Gilje (SINTEF Rapport;, Research report, 2018)
      Denne rapporten er et resultat fra Flex-Nett-prosjektet (2015-2018)og oppsummerer resultatene fra demoer hos BKK Nett knyttet til fleksibel nettdrift. Oppdragsgiver: FlexNett-prosjektet