Browsing NTNU Open by Author "Tøndel, Inger Anne"
Now showing items 1-18 of 18
-
Access Control in Heterogenous Health Care Systems - A comparison of Role Based Access Control Versus Decision Based Access Control
Stavik, Stig; Magnussen, Gaute (Master thesis, 2006)Role based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned ... -
Access Control in Heterogenous Health Care Systems: A comparison of Role Based Access Control Versus Decision Based Access Control
Magnussen, Gaute; Stavik, Stig (Master thesis, 2006)Role based access control (RBAC) is widely used in health care systems today. Some of the biggest systems in use at Norwegian hospitals utilizes role based integration. The basic concept of RBAC is that users are assigned ... -
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ... -
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ... -
Collaborative security risk estimation in agile software development
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software ... -
Continuous software security through security prioritisation meetings
Tøndel, Inger Anne; Cruzes, Daniela Soares (Journal article; Peer reviewed, 2022) -
Facing uncertainty in cyber insurance policies
Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ... -
Fremtidens fleksible distribusjonsnett - Fleksibel nettdrift, forbrukerfleksibilitet, plusskunder og forretningsmodeller
Sæle, Hanne; Bremdal, Bernt Arild; Tøndel, Inger Anne; Istad, Maren Kristine; Foosnæs, Jan Andor; Nordbø, Per Erik; Kirkeby, Henrik; Høverstad, Boye Annfelt; Mathisen, Geir (Research report, 2016) -
Influencing the security prioritisation of an agile software development project
Tøndel, Inger Anne; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Sindre, Guttorm (Peer reviewed; Journal article, 2022)Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and ... -
IT Security Is From Mars, Software Security Is From Venus
Tøndel, Inger Anne; JAATUN, Martin Gilje; Cruzes, Daniela Soares (Journal article, 2020) -
Next generation privacy policy
Lillebo, Ole Kristian (Master thesis, 2011)Privacy policies are commonly used by service providers to notify users what information is collected, how it will be used and with whom it will be shared. These policies are however known to be notoriously long and hard ... -
Personal Health Information on Display: Balancing Needs, Usability and Legislative Requirements
Gjære, Erlend Andreas; Tøndel, Inger Anne; Line, Maria Bartnes; Andresen, Herbjørn; Toussaint, Pieter Jelle (Journal article; Peer reviewed, 2011)Large wall-mounted screens placed at locations where health personnel pass by will assist in self-coordination and improve utilisation of both resources and staff at hospitals. The sensitivity level of the information ... -
Prioritisation of security in agile software development projects
Tøndel, Inger Anne (Doctoral theses at NTNU;2022:285, Doctoral thesis, 2022)Agile software development is driven by business value, and strives towards visible progressthrough features. Consequently, the somewhat invisible and overarching aspect of softwaresecurity is at the risk of being neglected.A ... -
Security Threats in Demo Steinkjer. Report from the Telenor-SINTEF collaboration project on Smart Grids
Tøndel, Inger Anne; Jaatun, Martin Gilje; Bartnes, Maria (SINTEF Rapport;A23351, Research report, 2012)This report describes security threats associated with the deployment of an Advanced Metering Infrastructure (AMI) in the Demo Steinkjer demonstration project. The description is based on the first phase of the actual smart ... -
Towards a Conceptual Framework for Security Requirements Work in Agile Software Development
Tøndel, Inger Anne; JAATUN, Martin Gilje (Peer reviewed; Journal article, 2020)Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in ... -
Understanding challenges to adoption of the Microsoft Elevation of Privilege game
Tøndel, Inger Anne; Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform ... -
Understanding Challenges to Adoption of the Protection Poker Software Security Game
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Oyetoyan, Tosin Daniel (Chapter, 2019)Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited ... -
Using situational and narrative analysis for investigating the messiness of software security
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2020)Background: Software engineering work and its context often has characteristics of what in social science is termed 'messy'; it has ephemeral and irregular qualities. This puts high demands on researchers doing inquiry and ...