• A Comparison between Business Process Management and Information Security Management 

      Wangen, Gaute; Snekkenes, Einar (Chapter, 2014)
      Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing ...
    • A Taxonomy of Challenges in Information Security Risk Management 

      Wangen, Gaute; Snekkenes, Einar (Chapter, 2013)
      Risk Management is viewed by many as the cornerstone of information security and is used to determine what to protect and how. How to approach risk management for information security is an ongoing debate as there are ...
    • An Empirical Research on InfoSec Risk Management in IoT-based eHealth 

      Aman, Waqas; Snekkenes, Einar (Chapter, 2013)
      Enabling the healthcare infrastructure with Internet of Things (IoT) will significantly improve quality of service, reduce the costs and efficiently manage remote and mobile patients. To be efficacious, IoT and eHealth ...
    • Automation of the risk assessment process in small and medium-sized enterprises. 

      Haug, Vladimir (Master thesis, 2022)
      Samtlige virksomheter er forpliktet til å foreta risikovurderinger, i henhold til Arbeidstilsynets lov 7-1. Gjennomgående krav til kartlegging og risikovurdering. Til tross for at Arbeidstilsynets beskrivelse og standardordninger ...
    • Context-Aware Adaptive Authentication for the IoT in eHealth 

      Habib, Kashif (Doctoral theses at NTNU;2018:336, Doctoral thesis, 2018)
      The Internet of Things (IoT) presents a concept of smart world around us, where things are trying to assist and benefit people. Patient monitoring outside the hospital environment is one case for the IoT in healthcare. The ...
    • Cyber Security Risk Assessment Practices: Core Unified Risk Framework 

      Wangen, Gaute Bjørklund (Doctoral theses at NTNU;2017:153, Doctoral thesis, 2017)
      We conduct risk assessments to reducing the uncertainty regarding future events in order to make the best decisions possible and to control risk. In industry, the aim is to find the appropriate balance in risk-taking ...
    • EDAS: An evaluation prototype for autonomic event-driven adaptive security in the internet of things 

      Aman, Waqas; Snekkenes, Einar (Journal article; Peer reviewed, 2015)
      In Internet of Things (IoT), the main driving technologies are considered to be tiny sensory objects. These objects cannot host traditional preventive and detective technologies to provide protection against the increasing ...
    • Event Driven Adaptive Security in Internet of Things 

      Aman, Waqas; Snekkenes, Einar (Chapter, 2014)
      With Internet of Things (IoT), new and improved personal, commercial and social opportunities can be explored and availed. However, with this extended network, the corresponding threat landscape will become more complex ...
    • Gait Recognition Using Wearable Motion Recording Sensors 

      Gafurov, Davrondzhon; Snekkenes, Einar (Journal article; Peer reviewed, 2009)
      This paper presents an alternative approach, where gait is collected by the sensors attached to the person's body. Such wearable sensors record motion (e.g. acceleration) of the body parts during walking. The recorded ...
    • High level information security risk in higher education 

      Ulven, Joachim (Master thesis, 2020)
      Identifisere verdier, trusler og sårbarheter er avgjørende når du vurderer risikoer i organisasjoner. Flere av de mest kjente informasjonssikkerhetsrisiko rammeverkene som ISO/IEC 27005, NIST SP 800-39 og OCTAVE bruker ...
    • Information Security Risk Management Practices: Community-Based Knowledge Sharing 

      Agrawal, Vivek (Doctoral theses at NTNU;2018:283, Doctoral thesis, 2018)
      Information security risk management (ISRM) is an integral part of the management practice and is an essential element of good corporate governance. ISRM helps to identify and manage potential problems that could undermine ...
    • Layout Dependent Phenomena A New Side-channel Power Model 

      Dyrkolbotn, Geir Olav; Wold, Knut; Snekkenes, Einar (Journal article; Peer reviewed, 2012)
      The energy dissipation associated with switching in CMOS logic gates can be used to classify the microprocessor’s activity. In VLSI design, layout dependent phenomena, such as capacitive crosstalk, become a major ...
    • Managing Security Trade-offs in the Internet of Things using Adaptive Security 

      Aman, Waqas; Snekkenes, Einar (Chapter, 2015)
      Adaptive security can take dynamic trade-off decisions autonomously at runtime and is considered a key desirable attribute in the Internet of Things (IoT). However, there is no clear evidence that it can handle these ...
    • Password Generation and Search Space Reduction 

      Helkala, Kirsi; Snekkenes, Einar (Journal article; Peer reviewed, 2009)
      It is easy for humans to design passwords that are easily remembered. However, such passwords may have a predictable structure, making exhaustive search feasible. We have divided human-generated passwords into three ...
    • Using Financial Instruments to Transfer the Information Security Risks 

      Pandey, Pankaj; Snekkenes, Einar (Journal article; Peer reviewed, 2016)
      For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem ...