Browsing SINTEF Open by Author "Jaatun, Martin Gilje"
Now showing items 1-20 of 67
A Framework for Incident Response Management in the Petroleum Industry
Jaatun, Martin Gilje (Journal article; Peer reviewed, 2009) Incident response is the process of responding to and handling security-related incidents involving information and communications technology (ICT) infrastructure and data. Incident response has traditionally been reactive ...
A Secure MANET Routing Protocol for Crisis Situations
Jaatun, Martin Gilje; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
A Study of Information Security Practice in a Critical Infrastructure Application
Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008) Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
Accountability Requirements for the Cloud
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017) In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
Accountability Requirements in the Cloud Provider Chain
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018) In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020) Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ...
Agile Software Development: The Straight and Narrow Path to Secure Software?
Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010) In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ...
All in a day's work: Password cracking for the rest of us
Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009) The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ...
Automating Security in a Continuous Integration Pipeline
Chalishhafshejani, Sohrab; Pham, Bao Khanh; Jaatun, Martin Gilje (Chapter, 2022) Traditional approaches to software security are based on manual methods, which tend to stall development, leading to inefficiency. To speed up a software development lifecycle, security needs to be integrated and automated ...
Care and Feeding of Your Security Champion
Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter; Peer reviewed, 2021) In agile software development, adoption of security practices poses challenges, often because security activities are not prioritized, or because the practitioners are not able to see the relevance and importance of the ...
Challenges and approaches of performing canonical action research in software security: research paper
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Oyetoyan, Tosin Daniel (Chapter, 2018) When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problem-solving actions implemented ...
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018) The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015) This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
Collaborative security risk estimation in agile software development
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019) Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ...
Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements?
Duncan, Bob; Whittington, Mark; Jaatun, Martin Gilje; Reyes, Alfredo (Journal article; Peer reviewed, 2017) In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to ...
Cyber Security Considerations for Self-healing Smart Grid Networks
Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Per Erik, Nordbø (Chapter, 2018) Fault Location, Isolation and System Restoration (FLISR) mechanisms allow for rapid restoration of power to customers that are not directly implicated by distribution network failures. However, depending on where the logic ...
Cybersecurity in Digital Substations. Pre-project
Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Istad, Maren Kristine (SINTEF Rapport; Research report, 2018) This memo describes the concept of the digital substation and outlines relevant cyber-related vulnerabilities and countermeasures. For the basic security level (baseline level), we recommend that a risk analysis be carried out with ...
Cybersecurity in Digital Substations. Pre-project
Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Istad, Maren Kristine (SINTEF Rapport; 2018:00007, Report, 2018) This memo describes the concept of the digital substation and outlines relevant cyber-related vulnerabilities and countermeasures. For the basic security level (baseline level), we recommend that a risk analysis be carried out with ...
Deployment models: Towards eliminating security concerns from cloud computing
Zhao, Gansen; Rong, Chunming; Jaatun, Martin Gilje; Sandnes, Frode Eika (Chapter, 2010) Cloud computing has become a popular choice as an alternative to investing in new IT systems. When making decisions on adopting cloud computing related solutions, security has always been a major concern. This article summarizes ...