2023

• Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje. (2023) A continuous OT cybersecurity risk analysis and Mitigation process. Research Publishing Services
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Okstad, Eivind Halvard; Bains, Robert; Mewcha, Abera Hailu; Flå, Lars Halvdan; Bernsmed, Karin Elisabeth. (2023) Cybersecurity in railway - alternatives of independent assessors’ involvement in cybersecurity assurance. Research Publishing Services
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2022

• Bernsmed, Karin; Bour, Guillaume; Lundgren, Martin; Bergström, Erik. (2022) An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects. Journal of Air Transport Management
  Vitenskapelig artikkel

2021

• Meland, Per Håkon; Tokas, Shukun; Erdogan, Gencer; Bernsmed, Karin; Omerovic, Aida. (2021) A Systematic Mapping Study on Cyber Security Indicator Data. Electronics
  Vitenskapelig oversiktsartikkel/review
• Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao. (2021) D2.3 CySiMS Cyber Event Exercise Handbook. SINTEF Rapport (2021:00319)
  Rapport
• Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) D2.2 Updated cyber risk assessment for the maritime industry. SINTEF Rapport (2021:00341)
  Rapport
• Bernsmed, Karin; Bour, Guillaume; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao; Wille, Egil. (2021) D4.3 Multi-modal communication - Securing future communication across different sectors and technologies. SINTEF Rapport (2021:00314)
  Rapport
• Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation
  Vitenskapelig artikkel
• Bernsmed, Karin; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Iovan, Monica. (2021) Adopting threat modelling in agile software development projects. Journal of Systems and Software
  Vitenskapelig artikkel
• Nesheim, Dag Atle; Bernsmed, Karin; Zernichow, Bjørn Marius von; Rødseth, Ørnulf Jan; Meland, Per Håkon. (2021) Secure, Trustworthy and Efficient Information Exchange – Enabling Added Value through The Maritime Data Space and Public Key Infrastructure. Technische Universität Hamburg-Harburg
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Meland, Per Håkon; Sindre, Guttorm; Bernsmed, Karin; Jaccheri, Letizia. (2021) Storyless cyber security: Modelling threats with economic incentives. Doctoral theses at NTNU (329)
  Doktorgradsavhandling
• Grigoriadis, Christos; Papastergiou, Spyridon; Kotzanikolaou, Panayiotis; Douligeris, Christos; Dionysiou, Antreas; Elias, Athanasopoulos. (2021) Integrating and Validating Maritime Transport Security Services: Initial Results from the CS4EU Demonstrator. Association for Computing Machinery (ACM)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm. (2021) Assessing cyber threats for storyless systems. Journal of Information Security and Applications
  Vitenskapelig artikkel
• Bernsmed, Karin; Meland, Per Håkon; Wille, Egil; Borgaonkar, Ravishankar Bhaskarrao; Bour, Guillaume. (2021) Security challenges in multi-modal communication.
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle; Rødseth, Ørnulf Jan; Midtun, Birthe; Goff, Lacie Maura. (2021) Eksplosiv økning i cyberangrepsforsøk i maritim sektor under korona.
  Nettsider (opplysningsmateriale)
• Bour, Guillaume; Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao; Meland, Per Håkon. (2021) On the Certificate Revocation Problem in the Maritime Sector. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel
• JAATUN, Martin Gilje; Wille, Egil; Bernsmed, Karin; Kilskar, Stine Skaufel. (2021) Grunnprinsipper for IKT-sikkerhet i industrielle IKT-systemer. SINTEF Rapport (2021:00055)
  Rapport

2020

• Cruzes, Daniela Soares; Jaatun, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin. (2020) Sju steg til bedre programvaresikkerhet. ComputerWorld Norge
  Kronikk
• Rødseth, Ørnulf Jan; Frøystad, Christian; Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle. (2020) The need for a public key infrastructure for automated and autonomous ships. IOP Conference Series: Materials Science and Engineering
  Vitenskapelig artikkel
• Øien, Knut; Bernsmed, Karin; Petersen, Stig. (2020) Kommunikasjonssystemer for ekstern nødkommunikasjon. SINTEF akademisk forlag SINTEF Rapport (2020:01349)
  Rapport

2019

• Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian. (2019) Is a Smarter Grid Also Riskier?. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel
• Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for security. Information and Computer Security
  Vitenskapelig artikkel
• Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for cybersecurity requirements. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel
• Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Threat modelling and agile software development: Identified practice in four Norwegian organisations. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Rindell, Kalle; Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Managing Security in Software Or: How I Learned to Stop Worrying and Manage the Security Technical Debt. Association for Computing Machinery (ACM)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Jaatun, Martin Gilje; Bernsmed, Karin; Cruzes, Daniela Soares; Tøndel, Inger Anne. (2019) Threat Modeling in Modern Software Development. IGI Global
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2018

• Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2018) Safety Critical Software and Security - How Low Can You Go?. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne. (2018) Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. 2018 25th Australasian Software Engineering Conference (ASWEC)
  Vitenskapelig artikkel
• Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2018) Accountability Requirements in the Cloud Provider Chain. Symmetry
  Vitenskapelig artikkel
• Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan. (2018) Visualizing cyber security risks with bow-tie diagrams. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel

2017

• Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre. (2017) Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon. (2017) Protecting Future Maritime Communication. Association for Computing Machinery (ACM)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2017) Accountability requirements for the cloud. IEEE conference proceedings
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2016

• Bernsmed, Karin. (2016) Applying Privacy by Design in Software Engineering - An European Perspective. International Academy, Research and Industry Association (IARIA)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2015

• Nordland, Odd; Sujan, Mark Alexander; Koornneef, Floor; Bernsmed, Karin. (2015) Assurance requirements for networked medical sensor applications. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Benghabrit, Walid; Grall, Hervé; Royer, Jean Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2015) From regulatory obligations to enforceable accountability policies in the cloud. Communications in Computer and Information Science (CCIS)
  Vitenskapelig artikkel
• Gjære, Erlend Andreas; Jaatun, Martin Gilje; Meland, Per Håkon; Tøndel, Inger Anne; Bernsmed, Karin; Moe, Marie Elisabeth Gaup. (2015) Blogg fra SINTEF forskningsgruppe informasjonssikkerhet.
  Nettsider (opplysningsmateriale)
• Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin. (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK)
  Vitenskapelig artikkel
• Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2015) Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services . SINTEF Rapport (A27131)
  Rapport
• Jaatun, Martin Gilje; Cruzes, Daniela Soares; Bernsmed, Karin; Tøndel, Inger Anne; Røstad, Lillian. (2015) Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel
• Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; De Oliveira, Anderson Santana; Sendor, Jakub. (2015) A-PPL: An accountability policy language. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel

2014

• Gjære, Erlend Andreas; Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2014) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
  Nettsider (opplysningsmateriale)
• Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2014) A Cloud Accountability Policy Representation Framework. SciTePress
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; Hon, W.K; Millard, Christopher. (2014) Deploying medical sensor networks in the cloud - Accountability obligations from a european perspective. IEEE conference proceedings
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; Fischer-Hübner, Simone. (2014) Secure IT Systems; 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings. Springer Lecture Notes in Computer Science (LNCS) (8788)
  Vitenskapelig antologi/Konferanseserie
• Bernsmed, Karin; Cruzes, Daniela Soares; Jaatun, Martin Gilje; Haugset, Børge; Gjære, Erlend Andreas. (2014) Healthcare Services in the Cloud -- Obstacles to Adoption, and a Way Forward. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Hove, Cathrine; Tårnes, Marte; Line, Maria Bartnes; Bernsmed, Karin. (2014) Information security incident management: Identified practice in large organizations. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin. (2014) Accountable Health Care Service Provisioning in the Cloud. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Bernsmed, Karin; Santana De Oliviera, Anderson. (2014) Abstract Accountability Language. Springer
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Castejon, Humberto Nicolas; Undheim, Astrid. (2014) Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers. International Journal of Cloud Computing
  Vitenskapelig artikkel
• Jaatun, Martin Gilje; Bernsmed, Karin; Rong, Chunming. (2014) Security Governance and SLAs in Cloud Computing. International Journal of Cloud Computing
  Leder

2013

• Bernsmed, Karin; Undheim, Astrid; Meland, Per Håkon; Jaatun, Martin Gilje. (2013) Towards an Ontology for Cloud Security Obligations. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Frtunic, Milena; Jovanovic, Filip; Gligorijvic, Mladen; Dordevic, Lazar; Janicijevic, Srecko; Meland, Per Håkon. (2013) CloudSurfer - A Cloud Broker Application for Security Concerns. SciTePress
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Meland, Per Håkon; Gjære, Erlend Andreas; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne; Jaatun, Martin Gilje; Line, Maria Bartnes. (2013) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
  Nettsider (opplysningsmateriale)
• Bernsmed, Karin; Tøndel, Inger Anne. (2013) Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2012

• JAATUN, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin; Nyre, Åsmund Ahlmann. (2012) Privacy Enhancing Technologies for Information Control. IGI Global
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; Jaatun, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2012) Thunder in the Clouds: Security Challenges and Solutions for Federated Clouds. IEEE conference proceedings
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Jaatun, Martin Gilje; Bernsmed, Karin; Undheim, Astrid. (2012) Security SLAs - An Idea Whose Time Has Come?. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel
• Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Undheim, Astrid; Castejon, Humberto Nicolas. (2012) Expressing Cloud Security Requirements in Deontic Contract Languages. SciTePress
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; Tøndel, Inger Anne; Nyre, Åsmund Ahlmann. (2012) Design and implementation of a CBR-based privacy agent. IEEE conference proceedings
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Line, Maria Bartnes; Jaatun, Martin Gilje; Tøndel, Inger Anne; Meland, Per Håkon; Jensen, Jostein; Gjære, Erlend Andreas. (2012) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
  Nettsider (opplysningsmateriale)

2011

• Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Learning Privacy Preferences. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Controlled Sharing of Personal Information in Android. NIKT: Norsk IKT-konferanse for forskning og utdanning
  Vitenskapelig artikkel
• Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian. (2011) A server-side approach to privacy policy matching. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje. (2011) User agents for matching privacy policies with user preferences. IEEE conference proceedings
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; JAATUN, Martin Gilje; Undheim, Astrid. (2011) Security in Service Level Agreements for Cloud Computing. SciTePress
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Bernsmed, Karin; JAATUN, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2011) Security SLAs for Federated Cloud Services. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

2007

• Sallhammar, Karin. (2007) Stochastic Models for Combined Security and Dependability Evaluation. Doktoravhandlinger ved NTNU (2007:150)
  Doktorgradsavhandling
• Helvik, Bjarne Emil; Sallhammar, Karin; Knapskog, Svein Johan. (2007) Integrated Dependability and Security Evaluation Using Game Theory and Markov Models. Elsevier
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2007) A Framework for Predicting Security and Dependability Measures in Real-time. International Journal of Computer Science and Network Security
  Vitenskapelig artikkel

2006

• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) Towards a Stochastic Model for Integrated Security and Dependability Evaluation. IEEE (Institute of Electrical and Electronics Engineers)
  Annet
• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) On Stochastic Modeling for Integrated Security and Dependability Evaluation. Journal of Networks
  Vitenskapelig artikkel

2005

• Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Teaching Information Security by Software Laboratory Didactics.
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Houmb, Siv Hilde; Sallhammar, Karin. (2005) Modeling System Integrity of a Security Critical System Using Colored Petri Nets. WIT Press
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Using Stochastic Game Theory to Compute the Expected Behavior of Attackers. IEEE (Institute of Electrical and Electronics Engineers)
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2005) Incorporating Attacker Behavior in Stochastic Models of Security. CSREA Press
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
• Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Web security laboratory didactics. IADAT Journal of Advanced Technology
  Vitenskapelig artikkel
• Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Building a Stochastic Model for Security and Trust Assessment Evaluation. ERCIM News
  Vitenskapelig artikkel
• Årnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie Elisabeth Gaup; Knapskog, Svein Johan. (2005) Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. Lecture Notes in Computer Science (LNCS)
  Vitenskapelig artikkel

2004

• Sallhammar, Karin; Knapskog, Svein Johan. (2004) Using Game Theory in Stochastic Models for Quantifying Security.
  Vitenskapelig Kapittel/Artikkel/Konferanseartikkel