The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will increasingly depend on ICT components and systems. While adding functionality, ...

Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering proce...

In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to...

Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe Protection Poker, a tool for risk estimation to be used as part of the iterat...

Organizations recognize that protecting their assets against attacks is an important business. However, achieving what is adequate security requires taking bold steps to address security practices within the organization. In the Agile software development world, security engineering process is unacc...

The ability to appropriately prepare for, and respond to, information security incidents, is of paramount importance, as it is impossible to prevent all possible incidents from occurring. Current trends show that the power and automation industry is an attractive target for hackers. A main challenge...

This article focuses on the role of accountability within information management, particularly in cloud computing contexts. Key to this notion is that an accountable Cloud Provider must demonstrate both willingness and capacity for being a responsible steward of other people's data. More generally, ...

Cyber Security Incident Management is an emerging paradigm and capability within the aviation domain. To date, limited research has addressed the requirements and developed tangible solutions for the deployment of such a capability. This paper leverages good practice and experiences from other criti...