    • A Framework for Incident Response Management in the Petroleum Industry

      Jaatun, Martin Gilje (Journal article; Peer reviewed, 2009)
      Incident response is the process of responding to and handling security-related incidents involving information and communications technology (ICT) infrastructure and data. Incident response has traditionally been reactive ...
    • A Secure MANET Routing Protocol for Crisis Situations 

      Jaatun, Martin Gilje; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
    • A Study of Information Security Practice in a Critical Infrastructure Application 

      Jaatun, Martin Gilje; Albrechtsen, Eirik; Bartnes, Maria; Johnsen, Stig Ole; Wærø, Irene; Longva, Odd Helge; Tøndel, Inger Anne (Journal article; Peer reviewed, 2008)
      Based on multiple methods we have studied how information security practices, and in particular computer security incident response practices, are handled in the Norwegian offshore oil and gas industry. Our findings show ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Achieving "Good Enough" Software Security: The Role of Objectivity 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)
      Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ...
    • Adapting Cyber-Risk Assessment for the Planning of Cyber-Physical Smart Grids Based on Industrial Needs 

      Erdogan, Gencer; Sperstad, Iver Bakken; Garau, Michele; Gjerde, Oddbjørn; Tøndel, Inger Anne; Tokas, Shukun; Jaatun, Martin Gilje (Communications in Computer and Information Science;1859, Chapter; Peer reviewed, 2023)
    • Agile Software Development: The Straight and Narrow Path to Secure Software? 

      Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
      In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ...
    • All in a day's work: Password cracking for the rest of us 

      Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009)
      The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ...
    • Automating Security in a Continuous Integration Pipeline 

      Chalishhafshejani, Sohrab; Pham, Bao Khanh; Jaatun, Martin Gilje (Chapter, 2022)
      Traditional approaches to software security are based on manual methods, which tend to stall development, leading to inefficiency. To speed up a software development lifecycle, security needs to be integrated and automated ...
    • Care and Feeding of Your Security Champion 

      Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter; Peer reviewed, 2021)
      In agile software development, adoption of security practices poses challenges, often because security activities are not prioritized, or because the practitioners are not able to see the relevance and importance of the ...
    • Challenges and approaches of performing canonical action research in software security: research paper 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Oyetoyan, Tosin Daniel (Chapter, 2018)
      When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problem-solving actions implemented ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security ...
    • A continuous OT cybersecurity risk analysis and Mitigation process 

      Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje (Chapter, 2023)
      Operational Technology (OT) systems are becoming increasingly software-driven and connected. This creates new digitalization opportunities but can also increase the risk of cyber security breaches that can have severe ...
    • Could the Outsourcing of Incident Response Management Provide a Blueprint for Managing Other Cloud Security Requirements? 

      Duncan, Bob; Whittington, Mark; Jaatun, Martin Gilje; Reyes, Alfredo (Journal article; Peer reviewed, 2017)
      In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to ...
    • Cyber Security Considerations for Self-healing Smart Grid Networks 

      Jaatun, Martin Gilje; Moe, Marie Elisabeth Gaup; Per Erik, Nordbø (Chapter, 2018)
      Fault Location, Isolation and System Restoration (FLISR) mechanisms allow for rapid restoration of power to customers that are not directly implicated by distribution network failures. However, depending on where the logic ...
    • A Cyber-Physical All-Hazard Risk Management Approach: The Case of the Wastewater Treatment Plant of Copenhagen 

      Bosco, Camillo; Thirsing, Carsten; Jaatun, Martin Gilje; Ugarelli, Rita Maria (Peer reviewed; Journal article, 2023)
      The ongoing digitalization of critical infrastructures enables more efficient processes, but also comes with new challenges related to potential cyber-physical attacks or incidents. To manage their associated risk, a precise ...