    • A Comparison between Business Process Management and Information Security Management 

      Wangen, Gaute; Snekkenes, Einar (Chapter, 2014)
      Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing ...
    • A framework for estimating information security risk assessment method completeness: Core Unified Risk Framework 

      Wangen, Gaute; Hallstensen, Christoffer V; Snekkenes, Einar Arthur (Journal article; Peer reviewed, 2017)
      In general, an information security risk assessment (ISRA) method produces risk estimates, where risk is the product of the probability of occurrence of an event and the associated consequences for the given organization. ...
    • An Empirical Study of Root-Cause Analysis in Information Security Management 

      Wangen, Gaute; Hellesen, Niclas; Torres, Henrik; Brækken, Erlend (Chapter, 2017)
      This paper studies the application of Root-cause analysis (RCA) methodology to a complex socio-technical information security (InfoSec) management problem. InfoSec risk assessment (ISRA) is the common approach for dealing ...
    • An initial insight into Information Security Risk Assessment practices 

      Wangen, Gaute (Chapter, 2016)
      Much of the debate surrounding risk management in information security (InfoSec) has been at the academic level, where the question of how practitioners view predominant issues is an essential element often left unexplored. ...
    • An Initial Insight Into InfoSec Risk Management Practices 

      Wangen, Gaute (Journal article; Peer reviewed, 2015)
      Much of the debate surrounding risk management in information security (InfoSec) has been at the academic level, and how practitioners view predominant issues is an important element often left unexplored. Thus, this article ...
    • A Taxonomy of Challenges in Information Security Risk Management 

      Wangen, Gaute; Snekkenes, Einar (Chapter, 2013)
      Risk Management is viewed by many as the cornerstone of information security and is used to determine what to protect and how. How to approach risk management for information security is an ongoing debate as there are ...
    • Conflicting Incentives Risk Analysis: A Case Study of the Normative Peer Review Process 

      Wangen, Gaute (Journal article; Peer reviewed, 2015)
      This paper presents an approach to conduct risk assessments of complex incentive systems, using a case study of the normative Peer Review Process (PRP). This research centers on appliances and adaptations of the Conflicting ...
    • Cyber security risk assessment of a DDoS attack 

      Wangen, Gaute; Shalaginov, Andrii; Hallstensen, Christoffer V (Journal article; Peer reviewed, 2016)
      This paper proposes a risk assessment process based on distinct classes and estimators, which we apply to a case study of a common communications security risk: a distributed denial of service (DDoS) attack. The ...
    • Empirical Case Studies of the Root Cause Analysis Method in Information Security 

      Hellesen, Niclas; Torres, Henrik; Wangen, Gaute (Journal article; Peer reviewed, 2018)
      Root cause analysis is a methodology that comes from the quality assurance and improvement fields. Root-cause analysis is a seven-step methodology that proposes multiple tools per step, which are designed to identify and ...
    • Information Security Risk Assessment: A Method Comparison 

      Wangen, Gaute (Journal article; Peer reviewed, 2017)
      Numerous methods for information security risk assessment (ISRA) are available, yet there is little guidance on how to choose one. Through a comprehensive risk identification, estimation, and evaluation framework, the ...
    • Mørketallsundersøkelsen ved NTNU 2018 

      Wangen, Gaute; Brodin, Even Østby; Skari, Bent Håkon; Berglind, Christopher (Research report, 2019)
      The purpose of this report is to examine the security situation at NTNU and uncover unreported incidents in order to provide a better basis for decision-making in cyber security. The report was prepared by the IT department at the Section ...
    • Quantitative Risk, Statistical Methods and the Four Quadrants for Information Security 

      Wangen, Gaute; Shalaginov, Andrii (Chapter, 2016)
      Achieving the quantitative risk assessment has long been an elusive problem in information security, where the subjective and qualitative assessments dominate. This paper discusses the appropriateness of statistical and ...
    • Security Awareness of the Digital Natives 

      Gkioulos, Vasileios; Wangen, Gaute; Katsikas, Sokratis; Kavallieratos, George; Kotzanikolaou, Panayiotis (Journal article; Peer reviewed, 2017)
      Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, while a plethora of security risks associated with such devices are induced by vulnerabilities related to user behavior. ...
    • The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism 

      Wangen, Gaute (Journal article; Peer reviewed, 2015)
      The recent emergence of the targeted use of malware in cyber espionage versus industry requires a systematic review for better understanding of its impact and mechanism. This paper proposes a basic taxonomy to document ...
    • User Modeling Validation Over the Security Awareness of Digital Natives 

      Gkioulos, Vasileios; Wangen, Gaute; Katsikas, Sokratis (Journal article; Peer reviewed, 2017)
      Young generations make extensive use of mobile devices, such as smart-phones, tablets and laptops, for a variety of daily tasks with potentially critical impact, while the number of security breaches via portable devices ...