Browsing NTNU Open by Author "Jaatun, Martin Gilje"
Now showing items 1-20 of 41
-
A Probabilistic Approach to Information Control
Nyre, Åsmund Ahlmann; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010) -
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ... -
Agile Software Development: The Straight and Narrow Path to Secure Software?
Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ... -
All in a day's work: Password cracking for the rest of us
Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009)The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ... -
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ... -
Collaborative security risk estimation in agile software development
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software ... -
A continuous OT cybersecurity risk analysis and Mitigation process
Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje (Chapter, 2023)Operational Technology (OT) systems are becoming increasingly software-driven and connected. This creates new digitalization opportunities but can also increase the risk of cyber security breaches than can have severe ... -
Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port
Fredriksen, Isa Agnete Halmøy (Master thesis, 2018)As a part of a modernized electric power system, mechanical electricity meters are being exchanged with smart meters. The smart meters are to be equipped with a communication interface that customers may use to get a better ... -
Cyber-physical Hardening of the DigitalWater Infrastructure
Cali, Umit; Catak, Ferhat Özgur; Balogh, Zsolt György; Ugarelli, Rita Maria; Jaatun, Martin Gilje (Chapter, 2023)Water supply and drainage systems, which are categorized as critical infrastructure, serve a crucial role in preserving societal health and well-being. Since climate change effects, harsher regulations, population changes, ... -
Cybersecurity Preparedness Exercises in Smart Grid: Collaboration With Suppliers During Incident Response
Langås, Mari; Løfqvist, Sanna (Master thesis, 2021)Introduksjonen av informasjons- og kommunikasjonsteknologi (IKT) i det tradisjonelle strømnettet har resultert i et digitalisert strømnett, ofte referert til som smart grid. Smart grid gjør driften og hendelseshåndteringen ... -
Cybersecurity Preparedness Exercises in Smart Grid: Collaboration With Suppliers During Incident Response
Løfqvist, Sanna; Langås, Mari (Master thesis, 2021)Introduksjonen av informasjons- og kommunikasjonsteknologi (IKT) i det tradisjonelle strømnettet har resultert i et digitalisert strømnett, ofte referert til som smart grid. Smart grid gjør driften og hendelseshåndteringen ... -
An Empirical Study of CERT Capacity in the North Sea
Jaatun, Martin Gilje; Bodsberg, Lars; Grøtan, Tor Olav; Moe, Marie Elisabeth Gaup (Chapter, 2020)This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors ... -
Er Bug Bounty Programmer en Bærekraftig Behandling for Sikkerhetsmangler?
Trond Hønsi (Master thesis, 2020)I en verden hvor hackere tar datasystemer som gisler i bytte mot løsepenger, og myndighetene truer med bøter hvis personinformasjon kommer på avveie, blir det stadig viktigere å sikre datasystemene sine mot trusler. Flere ... -
Exchange of Security Incident Information in the context of Cloud Services
Frøystad, Christian (Master thesis, 2015)In recent years, the use of cloud computing has increased significantly. More and more organizations are moving their services to the cloud as there are rather compelling benefits from using cloud computing. Some of these ... -
Fuzzing Connected Embedded Devices
Solnør, Åse Marie; Sørlien, Silje Marie (Master thesis, 2024)Dette prosjektet har som formål å undersøke anvendeligheten av fuzzing som en metode for sikkerhetstesting av tilkoblede innebygde enheter som bruker den vanligste serien med mikroprosessorer: ARM Cortex-M. Dette for å ... -
Fuzzing Connected Embedded Devices
Solnør, Åse Marie; Sørlien, Silje Marie (Master thesis, 2024)Dette prosjektet har som formål å undersøke anvendeligheten av fuzzing som en metode for sikkerhetstesting av tilkoblede innebygde enheter som bruker den vanligste serien med mikroprosessorer: ARM Cortex-M. Dette for å ... -
Implementing a Secure Ad Hoc Network
Graarud, Espen Grannes (Master thesis, 2011)In emergency situations such as natural disasters the emergency personell shouldbe able to establish communication fast and reliably. Depending on the nature ofthe disaster one cannot rely on existing communication ... -
Is a Smarter Grid Also Riskier?
Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian (Journal article; Peer reviewed, 2019)The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of ... -
Monitoring Intrusions and Security Breaches in Highly Distributed Cloud Environments
Taheri Monfared, Aryan; Jaatun, Martin Gilje (Chapter, 2011)Cloud computing is a new computing model, and security is ranked first among its challenges. This paper reviews existing security monitoring mechanisms compared with new challenges which are caused by this new model. We ... -
OWASP Top 10 - Do Startups Care?
Søhoel, Halldis M; Jaatun, Martin Gilje; Boyd, Colin Alexander (Chapter, 2018)In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think “let’s get it to work first, and then we’ll worry about security later.” However, major ...