• A Probabilistic Approach to Information Control 

      Nyre, Åsmund Ahlmann; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
    • Achieving "Good Enough" Software Security: The Role of Objectivity 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)
      Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ...
    • Agile Software Development: The Straight and Narrow Path to Secure Software? 

      Nicolaysen, Torstein; Sassoon, Richard; Bartnes, Maria; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010)
      In this article, we contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken ...
    • All in a day's work: Password cracking for the rest of us 

      Blakstad, Jørgen Wahl; Nergård, Rune; Jaatun, Martin Gilje; Gligoroski, Danilo (Chapter, 2009)
      The majority of computer systems are still protected primarily with a user name and password, and many users employ the same password on multiple systems. Additionally, some of the most popular operating systems such as ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Collaborative security risk estimation in agile software development 

      Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)
      Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software ...
    • A continuous OT cybersecurity risk analysis and Mitigation process 

      Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje (Chapter, 2023)
      Operational Technology (OT) systems are becoming increasingly software-driven and connected. This creates new digitalization opportunities but can also increase the risk of cyber security breaches than can have severe ...
    • Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port 

      Fredriksen, Isa Agnete Halmøy (Master thesis, 2018)
      As a part of a modernized electric power system, mechanical electricity meters are being exchanged with smart meters. The smart meters are to be equipped with a communication interface that customers may use to get a better ...
    • Cyber-physical Hardening of the DigitalWater Infrastructure 

      Cali, Umit; Catak, Ferhat Özgur; Balogh, Zsolt György; Ugarelli, Rita Maria; Jaatun, Martin Gilje (Chapter, 2023)
      Water supply and drainage systems, which are categorized as critical infrastructure, serve a crucial role in preserving societal health and well-being. Since climate change effects, harsher regulations, population changes, ...
    • Cybersecurity Preparedness Exercises in Smart Grid: Collaboration With Suppliers During Incident Response 

      Langås, Mari; Løfqvist, Sanna (Master thesis, 2021)
      Introduksjonen av informasjons- og kommunikasjonsteknologi (IKT) i det tradisjonelle strømnettet har resultert i et digitalisert strømnett, ofte referert til som smart grid. Smart grid gjør driften og hendelseshåndteringen ...
    • Cybersecurity Preparedness Exercises in Smart Grid: Collaboration With Suppliers During Incident Response 

      Løfqvist, Sanna; Langås, Mari (Master thesis, 2021)
      Introduksjonen av informasjons- og kommunikasjonsteknologi (IKT) i det tradisjonelle strømnettet har resultert i et digitalisert strømnett, ofte referert til som smart grid. Smart grid gjør driften og hendelseshåndteringen ...
    • An Empirical Study of CERT Capacity in the North Sea 

      Jaatun, Martin Gilje; Bodsberg, Lars; Grøtan, Tor Olav; Moe, Marie Elisabeth Gaup (Chapter, 2020)
      This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors ...
    • Er Bug Bounty Programmer en Bærekraftig Behandling for Sikkerhetsmangler? 

      Trond Hønsi (Master thesis, 2020)
      I en verden hvor hackere tar datasystemer som gisler i bytte mot løsepenger, og myndighetene truer med bøter hvis personinformasjon kommer på avveie, blir det stadig viktigere å sikre datasystemene sine mot trusler. Flere ...
    • Exchange of Security Incident Information in the context of Cloud Services 

      Frøystad, Christian (Master thesis, 2015)
      In recent years, the use of cloud computing has increased significantly. More and more organizations are moving their services to the cloud as there are rather compelling benefits from using cloud computing. Some of these ...
    • Implementing a Secure Ad Hoc Network 

      Graarud, Espen Grannes (Master thesis, 2011)
      In emergency situations such as natural disasters the emergency personell shouldbe able to establish communication fast and reliably. Depending on the nature ofthe disaster one cannot rely on existing communication ...
    • Is a Smarter Grid Also Riskier? 

      Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian (Journal article; Peer reviewed, 2019)
      The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of ...
    • Monitoring Intrusions and Security Breaches in Highly Distributed Cloud Environments 

      Taheri Monfared, Aryan; Jaatun, Martin Gilje (Chapter, 2011)
      Cloud computing is a new computing model, and security is ranked first among its challenges. This paper reviews existing security monitoring mechanisms compared with new challenges which are caused by this new model. We ...
    • OWASP Top 10 - Do Startups Care? 

      Søhoel, Halldis M; Jaatun, Martin Gilje; Boyd, Colin Alexander (Chapter, 2018)
      In a cut-throat world where time-to-market can be the difference between success and failure, it can be tempting for startups to think “let’s get it to work first, and then we’ll worry about security later.” However, major ...
    • OWASP top ten - What is the state of practice among start-ups? 

      Søhoel, Halldis Margrete (Master thesis, 2018)
      New apps and web services are increasingly serving our everyday needs, and they are appearing at high speed. How secure are all these services? This thesis has tested the security of five web services developed by startups. ...
    • Prioritisation of security in agile software development projects 

      Tøndel, Inger Anne (Doctoral theses at NTNU;2022:285, Doctoral thesis, 2022)
      Agile software development is driven by business value, and strives towards visible progressthrough features. Consequently, the somewhat invisible and overarching aspect of softwaresecurity is at the risk of being neglected.A ...