• A Lightweight Approach to Secure Software Engineering 

      JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)
      Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ...
    • A Secure MANET Routing Protocol for Crisis Situations 

      Jaatun, Martin Gilje; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
    • A secure MANET routing protocol for first responders 

      Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje; Tøndel, Inger Anne (Chapter, 2011)
      Emergency and rescue operations are often carried out in areas where the network infrastructure cannot be relied on for message exchange between first responders. Since the fundamental feature of Mobile Ad Hoc Network is ...
    • A Study of Information Security Practice in a Critical Infrastructure Application 

      Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008)
      Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduces additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Behov knyttet til informasjonssikkerhet i forvaltningen - Prioritering av forventninger og behov knyttet til Difis nyopprettede kompetansemiljø for informasjonssikkerhet 

      Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares (SINTEF Rapport;, Research report, 2014)
      Denne rapporten kommer med anbefalinger til prioriterte aktiviteter for Difis nyopprettede kompetansesenter for informasjonssikkerhet. Anbefalingene er gjort på bakgrunn av resultatene fra fire fokusgrupper, samt en ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (Research report, 2016)
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (SINTEF Energi. Rapport;TR A7536, Research report, 2016)
    • IKT og sikkerhet i VA-sektoren: Hva kan gå galt? 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Røstum, Jon (Others, 2013)
      Bruk av IKT gir flere gevinster for VA-sektoren, i form av bedre oversikt og mer effektiv drift. Samtidig fører økt bruk av IKT til at sektoren må forholde seg til trusler også mot IKT-systemene. Denne artikkelen gir en ...
    • Incident Response Management in the oil and gas industry 

      Jaatun, Martin Gilje; Johnsen, Stig Ole; Bartnes, Maria; Longva, Odd Helge; Tøndel, Inger Anne; Albrechtsen, Eirik; Wærø, Irene (, Research report, 2007)
      Incident Response is the process of responding to and handling ICT security related incidents involving infrastructure and data. This has traditionally been a reactive approach, focusing mainly on technical issues. Incident ...
    • Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer 

      Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)
      Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ...
    • Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer 

      Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)
      Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ...
    • Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research 

      Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)
      The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ...
    • Interdependencies and Reliability in the Combined ICT and Power System: An overview of current research 

      Tøndel, Inger Anne; Foros, Jørn; Kilskar, Stine Skaufel; Hokstad, Per Richard; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2017)
      The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will ...
    • Learning From Software Security Testing 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Jensen, Jostein (Chapter, 2008)
      Software security testing tools and methodologies are presently abundant, and the question no longer seems to be ``if to test'' for security, but rather ``where and when to test'' and ``then what?''. In this paper we present ...
    • Learning Privacy Preferences 

      Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Chapter, 2011)
      This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected ...