Browsing Publications from CRIStin by author "Jaatun, Martin Gilje"
-
Maturity model for built-in security (BSIMM). Measuring software security activities in development organizations [Modenhetsmodell for innebygd sikkerhet (BSIMM). Måling av programvaresikkerhetsaktiviteter i utviklingsorganisasjoner]
Jaatun, Martin Gilje (Research report, 2016) This document contains Norwegian translations of the activities described in the Building Security In Maturity Model (BSIMM), lightly adapted from the blog http://infosec.sintef.no. The text is based on BSIMM-V, but the activity ... -
Needs and Challenges Concerning Cyber-Risk Assessment in the Cyber-Physical Smart Grid
Erdogan, Gencer; Tøndel, Inger Anne; Tokas, Shukun; Garau, Michele; Jaatun, Martin Gilje (Chapter, 2022) Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry ... -
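Revision of the guide to security for "Advanced Metering and Control Systems" (AMS) in the settlement regulations [Omarbeiding av veileder til sikkerhet for "Avanserte måle- og styringssystemer" - AMS - i avregningsforskriften]
Sæle, Hanne; Istad, Maren Kristine; Jaatun, Martin Gilje (SINTEF Rapport; Research report, 2022) -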
Follow-up of workshop on ICT security in Integrated Operations [Oppfølging av arbeidsseminar om IKT-sikkerhet i Integrerte Operasjoner]
Jaatun, Martin Gilje; Johnsen, Stig Ole; Bartnes, Maria; Longva, Odd Helge (Research report, 2007) On 30 November 2006, at the initiative of SINTEF, a workshop on ICT security in integrated operations was held at Oljedirektoratet (OD) and Petroleumstilsynet (Ptil) in Stavanger, where Oljeindustriens Landsforening also ... -
OWASP Top 10 - Do Startups Care?
Søhoel, Halldis M; Jaatun, Martin Gilje; Boyd, Colin Alexander (Chapter, 2018) In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think “let’s get it to work first, and then we’ll worry about security later.” However, major ... -
Playing Protection Poker for Practical Software Security
Jaatun, Martin Gilje; Tøndel, Inger Anne (Journal article, 2016) Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe ... -
Putting the "Account" into Cloud Accountability
Jaatun, Martin Gilje; Pearson, Siani (Proceedings of the 9th International Conference on Cloud Computing and Services Science; Chapter; Peer reviewed, 2019) Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. ... -
Risk in the Age of Software Security
Jaatun, Martin Gilje (Others, 2017) -
Safety Critical Software and Security - How Low Can You Go?
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018) The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ... -
Saving Nine Without Stitching in Time: Integrity Check After-the-fact
Gudmestad, Racin; Houmb, Siv Hilde; Jaatun, Martin Gilje (Chapter; Peer reviewed, 2021) Electrical substations transform voltage from high to low, or low to high for distribution and transmission, respectively, and are a critical part of our electricity infrastructure. The state of a substation is continuously ... -
Secure Remote Access to Autonomous Safety Systems: A Good Practice Approach
Jaatun, Martin Gilje; Line, Maria Bartnes; Grøtan, Tor Olav (Journal article; Peer reviewed, 2009) Safety instrumented systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil and natural gas installations. Partly as a consequence of the evolving 'integrated operations' ... -
Secure Safety: Secure Remote Access to Critical Safety Systems in Offshore Installations
Jaatun, Martin Gilje; Grøtan, Tor Olav (Chapter, 2008) Safety Instrumented Systems (SIS) as defined in IEC 61508 and IEC 61511 are very important for the safety of offshore oil & natural gas installations. SIS typically include the Emergency Shutdown System (ESD) that ensures ... -
Security and Independence of Process Safety and Control Systems in the Petroleum Industry
Onshus, Tor Engebret; Bodsberg, Lars; Hauge, Stein; Jaatun, Martin Gilje; Lundteigen, Mary Ann; Myklebust, Thor; Ottermo, Maria Vatshaug; Petersen, Stig; Wille, Egil (Peer reviewed; Journal article, 2022) The developments of reduced manning on offshore facilities and increased information transfer from offshore to land continue and may also be a prerequisite for the future survival of the oil and gas industry. A general ... -
Security Checklists: A Compliance Alibi, or a Useful Tool for Water Network Operators?
Jaatun, Martin Gilje; Røstum, Jon; Petersen, Stig; Ugarelli, Rita Maria (Journal article; Peer reviewed, 2014) Checklist Compliance is a term that has been used derisively in the information security community, implying that checklists are something used for paying lip service to security without instigating real changes to technology ... -
Security Incident Information Exchange for Cloud Service Provisioning Chains
Frøystad, Christian; Tøndel, Inger Anne; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2018) Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about ... -
Security requirements for the rest of us: A survey
Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon (Journal article; Peer reviewed, 2008) -
Security Threats in Demo Steinkjer. Report from the Telenor-SINTEF collaboration project on Smart Grids
Tøndel, Inger Anne; Jaatun, Martin Gilje; Bartnes, Maria (Research report, 2012) This report describes security threats associated with the deployment of an Advanced Metering Infrastructure (AMI) in the Demo Steinkjer demonstration project. The description is based on the first phase of the actual smart ... -
SMS from OSLO VAV - Secure and Monitored Service from Oslo VAV: First periodic progress report Project objectives, work progress and achievements, project management
Ugarelli, Rita Maria; Selseth, Ingrid; Myhre, Bård; Berge, Svein Peder; Jaatun, Martin Gilje (Research report, 2012) -
Software Security Activities that Support Incident Management in Secure DevOps
Jaatun, Martin Gilje (Chapter, 2018) Many software services are currently created using DevOps, where developers and operations personnel are more tightly integrated. The DevOps paradigm enables shorter development cycles, but increased speed has raised ... -
A Survey on Cybersecurity Barrier Management in Process Control Environments
Øien, Knut; Hauge, Stein; Jaatun, Martin Gilje; Flå, Lars; Bodsberg, Lars (Chapter; Peer reviewed, 2022) The concept of barriers is well known in the safety domain that includes traditional process control environments. However, as critical infrastructures are moving to more interconnected scenarios connected to cloud computing ...