• An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS 

      Tran, Le Minh Sang; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2013)
      Security risk analysis should be conducted regularly for organizations to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. ...
    • Compositional Refinement of Policies in UML – Exemplified for Access Control 

      Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009)
      The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram ...
    • DeSPoT: A Method for the Development and Specification of Policies for Trust Negotiation 

      Håvaldsrud, Tormod; Møller-Pedersen, Birger; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2012)
      Information systems are ever more connected to the Internet, which gives wide opportunities for interacting with other actors, systems and resources and for exploiting the open and vast market. This pushes the limits for ...
    • Divide and Conquer – Towards a Notion of Risk Model Encapsulation 

      Refsdal, Atle; Rideng, Øyvind; Solhaug, Bjørnar; Stølen, Ketil (Lecture Notes in Computer Science;8431, Chapter, 2014)
      The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more ...
    • ENFORCE Conceptual Framework 

      Lysemoset, Tom; Mahler, Tobias; Solhaug, Bjørnar; Bing, Jon; Elgesom, Dag; Stølen, Ketil (Research report, 2007)
      ENFORCE is a multi-disciplinary research project addressing trust management. The research objectives include the development of a methodology for the capture and analysis of policies for security and trust management, the ...
    • Evaluation of a Method for the Analysis and Development of Policies for Trust Negotiation 

      Håvaldsrud, Tormod; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011)
      This report documents the evaluation of our method for the analysis and development of policies for trust negotiation. The method was evaluated in an industrial case study with evaluation criteria focusing on ...
    • Evaluation of experiences from applying the PREDIQT method in an industrial case study 

      Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011)
      We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...
    • Evaluation of experiences from applying the PREDIQT method in an industrial case study 

      Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Chapter, 2011)
      We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...
    • Evaluations of methodology and tools used during the 8th SECURIS field trial 

      Refsdal, Atle; Solhaug, Bjørnar (Research report, 2007)
      This report presents the evaluation of the risk analysis in the 8th SECURIS field trial carried out in the autumn of 2006 and early 2007. FLO/IKT was the client and the target of the analysis was work with/handling of information ...
    • ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System 

      Beckers, Kristian; Heisel, Maritta; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2013)
      Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive ...
    • Preservation of Policy Adherence under Refinement 

      Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009)
      Policy-based management is an approach to the management of systems with respect to issues such as security, access control and trust by the enforcement of policy rules. This paper addresses the problem of integrating the ...
    • Report on ESUMS Risk Analysis 

      Omerovic, Aida; Kofod-Petersen, Anders; Solhaug, Bjørnar; Svagård, Ingrid Storruste; Tran, Le Minh Sang (Research report, 2012)
      This report documents the results of the first case study in the FRISK project, namely a risk analysis. The target of analysis is the ESUMS (Enhanced Sustained Use Monitoring System) prototype system and services for remote ...
    • Security risk analysis of system changes exemplified within the oil and gas domain 

      Refsdal, Atle; Solhaug, Bjørnar; Stølen, Ketil (Journal article; Peer reviewed, 2015)
      Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows ...
    • Specifying Policies Using UML Sequence Diagrams - An Evaluation Based on a Case Study 

      Solhaug, Bjørnar; Elgesem, Dag; Stølen, Ketil (Research report, 2007)
      This report provides a case study based evaluation of UML sequence diagrams as a notation for policy specification. Policy rules are defined on the basis of deontic logic, and provided a trace based semantics interpreted ...
    • Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research 

      Tøndel, Inger Anne; Meland, Per Håkon; Omerovic, Aida; Gjære, Erlend Andreas; Solhaug, Bjørnar (Research report, 2015)
      Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of ...