To main content

Maria Bartnes

Research Director

Maria Bartnes

Research Director

Maria Bartnes
Phone: +47 452 18 102
Department: Software Engineering, Safety and Security
Office: Trondheim

Publications and responsibilities

Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1470801

Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of ap...

Authors Gjertsen Eyvind Gaarder Bull Gjære Erlend Andreas Bartnes Maria Flores Waldo Rocha
Year 2017
Type Part of a book/report
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1405690

The electric power industry is currently implementing major technological changes in order to achieve the goal of smart grids. However, these changes are expected to increase the susceptibility of the industry to IT security incidents. IT security preparedness exercises are not commonly performed in...

Year 2017
Type Journal publication
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1404322

The ability to appropriately prepare for, and respond to, information security incidents, is of paramount importance, as it is impossible to prevent all possible incidents from occurring. Current trends show that the power and automation industry is an attractive target for hackers. A main challenge...

Year 2016
Type Journal publication
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1356207

Recent attacks and threat reports indicate that industrial control organizations are attractive targets for attacks. Emerging threats create the need for a well-established capacity for responding to unwanted incidents. Such a capacity is influenced by organizational, human, and technological factor...

Authors Bartnes Maria Moe Nils Brede Heegaard Poul Einar
Year 2016
Type Journal publication
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1321719

Industrial control organizations need to perform IT security preparedness exercises more frequently than today. However, limited support material currently exists. This paper presents a board game, Play2Prepare, which simulates a large scale attack on the electric power grid. The game consists of a ...

Authors Graffer Ingrid Bartnes Maria Bernsmed Karin
Year 2015
Type Journal publication
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1314390

This paper reports on the results of an interview study that surveyed current practices regarding information security incident management in small and large distribution system operators (DSOs) in the Norwegian electric power industry. The findings indicate that current risk perception and prepared...

Year 2015
Type Journal publication
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1245358

IT security preparedness exercises allow for practical collaborative training, which in turn leads to improved response capabilities to information security incidents for an organization. However, such exercises are not commonly performed in the electric power industry. We have observed a tabletop e...

Year 2015
Type Part of a book/report
Publication
https://www.sintef.no/en/publications/publication/?pubid=CRIStin+1223747

A rich selection of methods for information security risk assessments exist, but few studies evaluate how such methods are used, their perceived ease-of-use, and whether additional support is needed. Distribution system operators (DSOs) find it difficult to perform information security risk assessme...

Year 2015
Type Part of a book/report