The modernisation of the power grid is ongoing, and the level of digitalisation of the power grid in, say, ten years may be quite different than today. Cyber security needs will change correspondingly. In this paper we utilise a qualitative research approach to explore misuse cases related to three ...

This paper documents the results of an empirical study of cyber incident response readiness in the Norwegian petroleum industry. The study addressed the Computer Emergency Response Team (CERT) capacity among various actors in the industry in handling critical cybersecurity incidents in industrial co...

Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have ina...

The use of IoT devices in the future electricity domain (known as the smart grid) has numerous benefits, such as improved reliability of the power system, enhanced functions of SCADA (Supervisory Control and Data Acquisition), improved monitoring and management of operational power grid assets, and ...

Threat modelling is considered a key activity in secure software engineering. However, despite its documented benefits it has not (yet) been widely adopted by agile software development projects. In this paper we present results from a qualitative study of how it is performed in practice by four dif...

If the cloud is just someone else's computer, securing forensic evidence in case of a breach can be tricky. A blockchain-based distributed ledger could contribute to solve this problem, provided the required forensic information finds its way onto the blockchain. In this paper we sketch how blockcha...

Software in the cloud is predominantly developed using agile methodologies, where practices such as continuous deployment and DevOps contribute to increased speed and quick turnarounds. This increased speed does however require additional focus on software security in order to avoid security bugs an...