• A Probabilistic Approach to Information Control 

      Nyre, Åsmund Ahlmann; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
    • Agile Software Development: The Straight and Narrow Path to Secure Software? 

      Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
      In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ...
    • All in a day's work: Password cracking for the rest of us 

      Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009)
      The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software ...
    • Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port 

      Fredriksen, Isa Agnete Halmøy (Master thesis, 2018)
      As a part of a modernized electric power system, mechanical electricity meters are being exchanged with smart meters. The smart meters are to be equipped with a communication interface that customers may use to get a better ...
    • An Empirical Study of CERT Capacity in the North Sea 

      Jaatun, Martin Gilje; Bodsberg, Lars; Grøtan, Tor Olav; Moe, Marie Elisabeth Gaup (Chapter, 2020)
      This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors ...
    • Er Bug Bounty Programmer en Bærekraftig Behandling for Sikkerhetsmangler? 

      Trond Hønsi (Master thesis, 2020)
      I en verden hvor hackere tar datasystemer som gisler i bytte mot løsepenger, og myndighetene truer med bøter hvis personinformasjon kommer på avveie, blir det stadig viktigere å sikre datasystemene sine mot trusler. Flere ...
    • Exchange of Security Incident Information in the context of Cloud Services 

      Frøystad, Christian (Master thesis, 2015)
      In recent years, the use of cloud computing has increased significantly. More and more organizations are moving their services to the cloud as there are rather compelling benefits from using cloud computing. Some of these ...
    • Implementing a Secure Ad Hoc Network 

      Graarud, Espen Grannes (Master thesis, 2011)
      In emergency situations such as natural disasters the emergency personell shouldbe able to establish communication fast and reliably. Depending on the nature ofthe disaster one cannot rely on existing communication ...
    • Is a Smarter Grid Also Riskier? 

      Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian (Journal article; Peer reviewed, 2019)
      The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of ...
    • Monitoring Intrusions and Security Breaches in Highly Distributed Cloud Environments 

      Taheri Monfared, Aryan; Jaatun, Martin Gilje (Chapter; Conference object, 2011)
      Cloud computing is a new computing model, and security is ranked first among its challenges. This paper reviews existing security monitoring mechanisms compared with new challenges which are caused by this new model. We ...
    • OWASP Top 10 - Do Startups Care? 

      Søhoel, Halldis M; Jaatun, Martin Gilje; Boyd, Colin Alexander (Chapter, 2018)
      In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think “let’s get it to work first, and then we’ll worry about security later.” However, major ...
    • OWASP top ten - What is the state of practice among start-ups? 

      Søhoel, Halldis Margrete (Master thesis, 2018)
      New apps and web services are increasingly serving our everyday needs, and they are appearing at high speed. How secure are all these services? This thesis has tested the security of five web services developed by startups. ...
    • Procedures and Tools to Reset or Recover the Administrator Password on Popular Operating Systems 

      Blakstad, Jørgen Wahl; Nergård, Rune Walsø (Master thesis, 2009)
      Unauthorized access to computers and theft of proprietary information are two problems leading to large economical losses for organizations around the world. Thousands of laptops often containing vital information are lost ...
    • Scanning the Medical Terrain : an aid to quicker adoption of guidelines 

      Jaatun, Ellen A. Andreassen; Hepburn, Leigh-Anne; Jaatun, Martin Gilje (Peer reviewed; Journal article, 2019)
      Guidelines exist in order to ensure efficient, effective and consistent provision of healthcare service. Unfortunately, existing guidelines are often not adopted in a timely manner, even to the point of being outdated at ...
    • Secure information sharing in Integrated Operations 

      Nyre, Åsmund Ahlmann (Doctoral theses at NTNU;2017:358, Doctoral thesis, 2017)
      The oil and gas industry in Norway is moving towards Integrated Operations (IO) to provide better, safer and more cost-effective operations. IO, as it is envisioned, will rely on extensive sharing of information and resources ...
    • Security in Industrial Networks 

      Sørensen, Jan Tore (Master thesis, 2007)
      A major trend in the automation and power industries is the transition from closed proprietary network solutions to open TCP/IP protocols running on Ethernet technologies. As these industries converge on an all IP platform, ...
    • Security Threats in Demo Steinkjer. Report from the Telenor-SINTEF collaboration project on Smart Grids 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Bartnes, Maria (SINTEF Rapport;A23351, Research report, 2012)
      This report describes security threats associated with the deployment of an Advanced Metering Infrastructure (AMI) in the Demo Steinkjer demonstration project. The description is based on the first phase of the actual smart ...
    • Simulation of a Secure Ad Hoc Network Routing Protocol 

      Bowitz, Anne Gabrielle (Master thesis, 2011)
      Secure wireless ad hoc networks possess many properties that are highly valuable in e.g. emergency situations and military applications. By using X.509 certificates, the ad hoc routing protocol B.A.T.M.A.N. has been modified ...