Blar i SINTEF Open på forfatter "Meland, Per Håkon"
-
A Lightweight Approach to Secure Software Engineering
JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ... -
An architectural foundation for security model sharing and reuse
Meland, Per Håkon (Chapter, 2009) -
An experimental evaluation of bow-tie analysis for cybersecurity requirements
Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of ... -
Assessing cyber threats for storyless systems
Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm (Peer reviewed; Journal article, 2021)A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical ... -
Assessing cyber threats for storyless systems
Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm (Peer reviewed; Journal article, 2021)A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical ... -
Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ... -
Facing uncertainty in cyber insurance policies
Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ... -
On the Certificate Revocation Problem in the Maritime Sector
Bour, Guillaume; Bernsmed, Karin; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao (Peer reviewed; Journal article, 2021)Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across ... -
Ontology-based Use Cases for Design-time and Runtime Composition of Mobile Services
Rój, Michal Konrad; Meland, Per Håkon; Floch, Jacqueline; Domaszewicz, Jaroslaw (Chapter, 2009)This paper presents application of ontology-based modelling and reasoning related to the different phases of the lifecycle of mobile services. Ontology-based descriptions complement traditional design-time and runtime ... -
Protecting Future Maritime Communication
Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon (Chapter, 2017)Our oceans are filled with ships that take care of the most important distribution of goods in the world economy. Evolving from isolated chunks of hollow metal containers, ships are becoming more and more like interconnected ... -
Safety Critical Software and Security - How Low Can You Go?
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018)The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ... -
Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre (Chapter, 2017)Aircraft equipped with satellite communication (SATCOM) systems will enable advanced Air Traffic Management (ATM) operations over datalink on a global basis. A key concept of future ATM is 4D trajectory management, which ... -
Security requirements for the rest of us: A survey
Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon (Journal article; Peer reviewed, 2008) -
A Systematic Mapping Study on Cyber Security Indicator Data
Meland, Per Håkon; Tokas, Shukun; Erdogan, Gencer; Bernsmed, Karin; Omerovic, Aida (Peer reviewed; Journal article, 2021)A security indicator is a sign that shows us what something is like or how a situation is changing and can aid us in making informed estimations on cyber risks. There are many different breeds of security indicators, ... -
Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research
Tøndel, Inger Anne; Meland, Per Håkon; Omerovic, Aida; Gjære, Erlend Andreas; Solhaug, Bjørnar (Research report, 2015)Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of ... -
Visualizing Cyber Security Risks with Bow-Tie Diagrams
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018)Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ... -
Visualizing Cyber Security Risks with Bow-Tie Diagrams
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018-01-19)Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ... -
When to Treat Security Risks with Cyber Insurance
Meland, Per Håkon; Seehusen, Fredrik (Journal article; Peer reviewed, 2018)Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ... -
When to Treat Security Risks with Cyber Insurance
Meland, Per Håkon; Seehusen, Fredrik (Chapter, 2018)Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...