• A Lightweight Approach to Secure Software Engineering 

      JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)
      Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ...
    • A Secure MANET Routing Protocol for Crisis Situations 

      Jaatun, Martin Gilje; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
    • A secure MANET routing protocol for first responders 

      Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje; Tøndel, Inger Anne (Chapter, 2011)
      Emergency and rescue operations are often carried out in areas where the network infrastructure cannot be relied on for message exchange between first responders. Since the fundamental feature of Mobile Ad Hoc Network is ...
    • A Study of Information Security Practice in a Critical Infrastructure Application 

      Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008)
      Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduces additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Achieving "Good Enough" Software Security: The Role of Objectivity 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)
      Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ...
    • Achieving "Good Enough" Software Security: The Role of Objectivity 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)
      Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ...
    • Adapting Cyber-Risk Assessment for the Planning of Cyber-Physical Smart Grids Based on Industrial Needs 

      Erdogan, Gencer; Sperstad, Iver Bakken; Garau, Michele; Gjerde, Oddbjørn; Tøndel, Inger Anne; Tokas, Shukun; Jaatun, Martin Gilje (Communications in Computer and Information Science;1859, Chapter; Peer reviewed, 2023)
      Adapting Cyber-Risk Assessment for the Planning of Cyber-Physical Smart Grids Based on Industrial Needs
    • Behov knyttet til informasjonssikkerhet i forvaltningen - Prioritering av forventninger og behov knyttet til Difis nyopprettede kompetansemiljø for informasjonssikkerhet 

      Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares (SINTEF Rapport;, Research report, 2014)
      Denne rapporten kommer med anbefalinger til prioriterte aktiviteter for Difis nyopprettede kompetansesenter for informasjonssikkerhet. Anbefalingene er gjort på bakgrunn av resultatene fra fire fokusgrupper, samt en ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (Research report, 2016)
    • Fremtidens fleksible distribusjonsnett : fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller 

      Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (SINTEF Energi. Rapport;TR A7536, Research report, 2016)
    • IKT og sikkerhet i VA-sektoren: Hva kan gå galt? 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Røstum, Jon (Others, 2013)
      Bruk av IKT gir flere gevinster for VA-sektoren, i form av bedre oversikt og mer effektiv drift. Samtidig fører økt bruk av IKT til at sektoren må forholde seg til trusler også mot IKT-systemene. Denne artikkelen gir en ...
    • Improving smart grid security through 5G enabled IoT and edge computing 

      Borgaonkar, Ravishankar Bhaskarrao; Tøndel, Inger Anne; Degefa, Merkebu Zenebe; JAATUN, Martin Gilje (Peer reviewed; Journal article, 2021)
      This article investigates and analyzes the security aspects of 5G specifications from the perspective of IoT-based smart grids. As the smart grid requires high-speed and reliable communication to enable real-time grid ...
    • Incident Response Management in the oil and gas industry 

      Jaatun, Martin Gilje; Johnsen, Stig Ole; Bartnes, Maria; Longva, Odd Helge; Tøndel, Inger Anne; Albrechtsen, Eirik; Wærø, Irene (, Research report, 2007)
      Incident Response is the process of responding to and handling ICT security related incidents involving infrastructure and data. This has traditionally been a reactive approach, focusing mainly on technical issues. Incident ...
    • Influencing the security prioritisation of an agile software development project 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Sindre, Guttorm (Peer reviewed; Journal article, 2022)
      Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and ...
    • Informasjonssikkerhet og personvern:Støtte til risikoanalyse av AMS og tilgrensende systemer 

      Line, Maria Bartnes; Tøndel, Inger Anne; Johansen, Gorm Idar; Sæle, Hanne (SINTEF Rapport;, Research report, 2014)
      Rapporten støtter gjennomføringen av en risikoanalyse av AMS og tilgrensende ITsystemer hos et nettselskap hvor fokus for analysen er informasjonssikkerhet og personvern. Den gir sjekklister og anbefalinger som nettselskapene ...