• A holistic approach to email security 

      Kleiven, Gaute Solbu (Master thesis, 2019)
      E-post er involvert i en overveldende andel av alle cyberangrep. E-poststandardene er gamle og usikre, og kan enkelt forfalskes, avlyttes eller modifiseres av en ondsinnet aktør. Et stort utvalg av sikkerhetstiltak har ...
    • A server-side approach to privacy policy matching 

      Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian (Chapter, 2011)
      With the increasing use of online services that require sharing of information there is a need for Privacy Enhancing Technology tailored for personal information con- trol. Commonly, web privacy is handled through matching ...
    • An experimental evaluation of bow-tie analysis for cybersecurity requirements 

      Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)
      Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of ...
    • An experimental evaluation of bow-tie analysis for security 

      Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)
      Purpose Within critical-infrastructure industries, bow-tie analysis is an established way of eliciting requirements for safety and reliability concerns. Because of the ever-increasing digitalisation and coupling between ...
    • Best practices and motivational factors for information security in startups: An exploratory case study of four Norwegian tech startups 

      Futsæter, Nora (Master thesis, 2019)
      Teknologibransjen gjennomgår en revolusjon. Med innovasjon og ny teknologi kommer også stadig nye trusler. For eksempel er norske bedrifter, organisasjoner og offentlige sektorer i stadig større grad ofre for avanserte ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Controlled Sharing of Personal Information in Android 

      Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Journal article; Peer reviewed, 2011)
      Smartphones with third-party applications have become very popular. Recently, they have received attention for quietly monitoring and transferring personal information without the users’ knowledge. The objective of this ...
    • Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port 

      Fredriksen, Isa Agnete Halmøy (Master thesis, 2018)
      As a part of a modernized electric power system, mechanical electricity meters are being exchanged with smart meters. The smart meters are to be equipped with a communication interface that customers may use to get a better ...
    • Endpoint security in the modern enterprise 

      Sandberg, Simen Espeseth (Master thesis, 2013)
      Endpoints, such as workstations, laptops, tablets and smartphones, may contain sensitive information. How we use such endpoints are changing, as new device types become available, and due to trends such as Bring Your Own ...
    • Er Bug Bounty Programmer en Bærekraftig Behandling for Sikkerhetsmangler? 

      Trond Hønsi (Master thesis, 2020)
      I en verden hvor hackere tar datasystemer som gisler i bytte mot løsepenger, og myndighetene truer med bøter hvis personinformasjon kommer på avveie, blir det stadig viktigere å sikre datasystemene sine mot trusler. Flere ...
    • Improving Security Posture by Learning from Intrusions 

      Nese, Anders (Master thesis, 2018)
      Previous research have found that organisations lack structured approaches for learning from incidents, which results in organisations missing out on opportunities to improve their security posture. In this thesis, qualitative ...
    • Information Security Incident Management: An Empirical Study of Current Practice 

      Hove, Cathrine; Tårnes, Marte (Master thesis, 2013)
      An increasing use of digital solutions suggests that organizations today are more exposed to attacks than before. Recent reports show that attacks get more advanced and that attackers choose their targets more wisely. ...
    • Is a Smarter Grid Also Riskier? 

      Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian (Journal article; Peer reviewed, 2019)
      The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of ...
    • IT-sikkerhetsberedskapsøvelser i smartgrids 

      Graffer, Ingrid (Master thesis, 2015)
      Overgangen fra tradisjonelt strømnett til smartgrids introduserer teknologi som gjør at både kunder og produsenter kan bruke og generere strøm på en mer effektiv måte. Fordelene ved smartgrids er mange, men det fører også ...
    • Perceived Information Security in the Maritime Sector 

      Skoglund, Roy (Master thesis, 2017)
      The maritime sector is increasingly dependent on digital systems; systems that in many cases was initially designed without security in mind. At the same time, it is reported that the levels of information security awareness ...
    • Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations 

      Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin (Journal article; Peer reviewed, 2015)
      Industrial control organizations need to perform IT security preparedness exercises more frequently than today. However, limited support material currently exists. This paper presents a board game, Play2Prepare, ...
    • Privacy services for mobile devices 

      Bø, Solvår; Pedersen, Stian Rene (Master thesis, 2011)
      Recent studies have shown that privacy on mobile devices is not properly ensured. Due to a heavy increase of smartphones in the market, in addition to a variety of third-party applications, a demand for improved solutions ...
    • Securing software systems in the health care domain 

      Kosmo, Monika Katrin (Master thesis, 2014)
      Cloud computing is a continuously emerging technology of which new areas of utilization is adopted. Among these, medical sensor networks are increasingly used for purposes like remote monitoring of the health condition of ...
    • Security evaluation of communication interfaces on smart meters 

      Willett, Henrik (Master thesis, 2018)
      By 2019, almost all households in Norway will have a smart meter installed. The digitization of the electrical grid may create new vulnerabilities to the critical infrastructure. In this thesis, we evaluated the security ...
    • The Challenges of Performing IT Security Preparedness Exercises in Organizations 

      Johnsrud, Kine (Master thesis, 2016)
      Organizations can take measures to secure their data to the best of their knowledge, but it is impossible to secure an organization 100 \% against attacks and incidents. This calls for the need to handle the incidents as ...