Background and activities
I received my MSc from NTNU, Dept. of Telematics, in 2002, and my PhD from the same department in 2015. In my PhD project I studyed how Distribution System Operators (DSOs) in the power industry prepare for, and respond to, information security incidents in their IT and control systems. I was a research scientist at SINTEF ICT in Trondheim 2002-2015, and since 2015 I am responsible for information security for the SINTEF organization.
My scientific interests include:
- Incident management
- Risk assessments
For more information on my PhD project, please go to my webpage at the department.
Scientific, academic and artistic work
A selection of recent journal publications, artistic productions, books, including book and report excerpts. See all publications in the database
- (2016) Challenges in IT Security Preparedness Exercises: A Case Study. Computers & security (Print).
- (2016) The future of information security incident management training: A case study of electrical power companies. Computers & security (Print). vol. 61.
- (2016) Zebras and Lions: Better Incident Handling Through Improved Cooperation. Communications in Computer and Information Science. vol. 648.
- (2016) Examining the suitability of industrial safety management approaches for information security incident management. Information and Computer Security. vol. 24 (1).
- (2015) Current practices and challenges in industrial control organizations regarding information security incident management – Does size matter? Information security incident management in large and small industrial control organizations. International Journal of Critical Infrastructure Protection. vol. 12.
- (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK).
- (2014) Why securing smart grids is not just a straightforward consultancy exercise. Security and Communication Networks. vol. 7 (1).
- (2014) Information security incident management: Current practice as reported in the literature. Computers & security (Print). vol. 45.
- (2011) Personal Health Information on Display: Balancing Needs, Usability and Legislative Requirements. Studies in Health Technology and Informatics. vol. 169.
- (2011) A Risk-Based Evaluation of Group Access Control Approaches in a Healthcare Setting. Lecture Notes in Computer Science. vol. 6908.
- (2011) Cyber Security Challenges in Smart Grids. IEEE PES Innovative Smart Grid Technologies Conference Europe.
- (2010) Agile Software Development: The Straight and Narrow Path to Secure Software?. International Journal of Secure Software Engineering. vol. 1 (3).
- (2009) Secure Remote Access to Autonomous Safety Systems: A Good Practice Approach. International Journal of Autonomous and Adaptive Communications Systems. vol. 2 (3).
- (2008) A Study of Information Security Practice in a Critical Infrastructure Application. Lecture Notes in Computer Science. vol. 5060.
- (2007) CheckIT-- A program to measure and improve information security and safety culture. International Journal of Performability Engineering. vol. 3 (1).
- (2007) CheckIT - A Program to Measure and Improve Information Security and Safety Culture. International Journal of Performability Engineering. vol. 3 (1, part II).
- (2007) Check-IT - a Program to Measure and Improve Information Security and Safety Culture. International Journal of Performability Engineering. vol. 3 (1).
- (2006) Measurement and improvement of information security culture. Measurement and control (London. 1968). vol. 39.
Part of book/report
- (2015) Understanding Collaborative Challenges in IT Security Preparedness Exercises. ICT Systems Security and Privacy Protection : 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015, Proceedings.
- (2015) Assessing Information Security Risks of AMI: What Makes it so Difficult?. 1st International Conference on Information Systems Security and Privacy (ICISSP 2015), ESEO, Angers, Loire Valley - France, 9-11 February 2015.