• A Lightweight Approach to Secure Software Engineering 

      JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)
      Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Ontology-based Use Cases for Design-time and Runtime Composition of Mobile Services 

      Rój, Michal Konrad; Meland, Per Håkon; Floch, Jacqueline; Domaszewicz, Jaroslaw (Chapter, 2009)
      This paper presents application of ontology-based modelling and reasoning related to the different phases of the lifecycle of mobile services. Ontology-based descriptions complement traditional design-time and runtime ...
    • Protecting Future Maritime Communication 

      Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon (Chapter, 2017)
      Our oceans are filled with ships that take care of the most important distribution of goods in the world economy. Evolving from isolated chunks of hollow metal containers, ships are becoming more and more like interconnected ...
    • Safety Critical Software and Security - How Low Can You Go? 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018)
      The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ...
    • Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre (Chapter, 2017)
      Aircraft equipped with satellite communication (SATCOM) systems will enable advanced Air Traffic Management (ATM) operations over datalink on a global basis. A key concept of future ATM is 4D trajectory management, which ...
    • Security requirements for the rest of us: A survey 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon (Journal article; Peer reviewed, 2008)
    • Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research 

      Tøndel, Inger Anne; Meland, Per Håkon; Omerovic, Aida; Gjære, Erlend Andreas; Solhaug, Bjørnar (Research report, 2015)
      Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of ...
    • Visualizing Cyber Security Risks with Bow-Tie Diagrams 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018-01-19)
      Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ...
    • Visualizing Cyber Security Risks with Bow-Tie Diagrams 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018)
      Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ...
    • When to Treat Security Risks with Cyber Insurance 

      Meland, Per Håkon; Seehusen, Fredrik (Journal article; Peer reviewed, 2018)
      Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...
    • When to Treat Security Risks with Cyber Insurance 

      Meland, Per Håkon; Seehusen, Fredrik (Chapter, 2018)
      Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...