• Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduces additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • A Lightweight Approach to Secure Software Engineering 

      JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)
      Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ...
    • A secure MANET routing protocol for first responders 

      Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje; Tøndel, Inger Anne (Chapter, 2011)
      Emergency and rescue operations are often carried out in areas where the network infrastructure cannot be relied on for message exchange between first responders. Since the fundamental feature of Mobile Ad Hoc Network is ...
    • A Study of Information Security Practice in a Critical Infrastructure Application 

      Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008)
      Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
    • Behov knyttet til informasjonssikkerhet i forvaltningen - Prioritering av forventninger og behov knyttet til Difis nyopprettede kompetansemiljø for informasjonssikkerhet 

      Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares (SINTEF Rapport;, Research report, 2014)
      Denne rapporten kommer med anbefalinger til prioriterte aktiviteter for Difis nyopprettede kompetansesenter for informasjonssikkerhet. Anbefalingene er gjort på bakgrunn av resultatene fra fire fokusgrupper, samt en ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (Research report, 2016)
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (SINTEF Energi. Rapport;TR A7536, Research report, 2016)
    • IKT og sikkerhet i VA-sektoren: Hva kan gå galt? 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Røstum, Jon (Others, 2013)
      Bruk av IKT gir flere gevinster for VA-sektoren, i form av bedre oversikt og mer effektiv drift. Samtidig fører økt bruk av IKT til at sektoren må forholde seg til trusler også mot IKT-systemene. Denne artikkelen gir en ...
    • Incident Response Management in the oil and gas industry 

      Jaatun, Martin Gilje; Johnsen, Stig Ole; Bartnes, Maria; Longva, Odd Helge; Tøndel, Inger Anne; Albrechtsen, Eirik; Wærø, Irene (, Research report, 2007)
      Incident Response is the process of responding to and handling ICT security related incidents involving infrastructure and data. This has traditionally been a reactive approach, focusing mainly on technical issues. Incident ...
    • Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer 

      Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)
      Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ...
    • Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer 

      Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)
      Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ...
    • Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research 

      Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)
      The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ...
    • Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research 

      Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)
      The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ...
    • Learning From Software Security Testing 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Jensen, Jostein (Chapter, 2008)
      Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present ...
    • Learning Privacy Preferences 

      Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Chapter, 2011)
      This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected ...
    • Modenhetskartlegging av programvaresikkerhet i offentlige virksomheter 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Cruzes, Daniela Soares (Research report, 2015)
      Difi ønsker å få en kartlegging av modenhet knyttet til informasjonssikkerhet i utvikling og anskaffelser av IKT-løsninger i offentlig sektor. Denne rapporten beskriver resultatene fra en spørreundersøkelse knyttet til i ...
    • Personal Health Information on Display: Balancing Needs, Usability and Legislative Requirements 

      Gjære, Erlend Andreas; Tøndel, Inger Anne; Line, Maria Bartnes; Andresen, Herbjørn; Toussaint, Pieter Jelle (Journal article; Peer reviewed, 2011)
      Large wall-mounted screens placed at locations where health personnel pass by will assist in self-coordination and improve utilisation of both resources and staff at hospitals. The sensitivity level of the information ...
    • Playing Protection Poker for Practical Software Security 

      Jaatun, Martin Gilje; Tøndel, Inger Anne (Journal article, 2016)
      Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe ...