Background and activities
I received my MSc from NTNU, Dept. of Telematics, in 2002. After graduation I started as a research scientist at SINTEF ICT in Trondheim. I still hold this position part-time while pursuing my PhD at NTNU. My PhD project is called Smart Grids as Critical Infrastructures, and I am studying how Distribution System Operators (DSOs) in the power industry prepare for, and respond to, information security incidents in their IT and control systems.
My scientific interests include:
- Incident management
- Risk assessments
For more information on my PhD project, please go to my webpage at the department.
Scientific, academic and artistic work
A selection of recent journal publications, artistic productions, books, including book and report excerpts. See all publications in the database
- (2014) Why securing smart grids is not just a straightforward consultancy exercise. Security and Communication Networks. vol. 7 (1).
- (2014) Information security incident management: Current practice as reported in the literature. Computers & security (Print). vol. 45.
- (2011) Personal Health Information on Display: Balancing Needs, Usability and Legislative Requirements. Studies in Health Technology and Informatics. vol. 169.
- (2011) A Risk-Based Evaluation of Group Access Control Approaches in a Healthcare Setting. Lecture Notes in Computer Science. vol. 6908.
- (2011) Cyber Security Challenges in Smart Grids. IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies.
- (2007) CheckIT-- A program to measure and improve information security and safety culture. International Journal of Performability Engineering. vol. 3 (1).
- (2007) Check-IT - a Program to Measure and Improve Information Security and Safety Culture. International Journal of Performability Engineering. vol. 3 (1).
- (2006) Measurement and improvement of information security culture. Measurement and control (London. 1968). vol. 39.
Part of book/report
- (2014) Information security incident management: Identified practice in large organizations. 8th International Conference on IT Security Incident Management and IT Forensics (IMF 2014), May 12-14, 2014, Münster, Germany.
- (2014) Information security incident management: Planning for failure. 8th International Conference on IT Security Incident Management and IT Forensics (IMF 2014), May 12-14, 2014, Münster, Germany.
- (2014) Targeted Attacks against Industrial Control Systems: Is the Power Industry Prepared?. CCS'14 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA — November 03 - 07, 2014 : SEGS '14 Proceedings of the 2nd Workshop on Smart Energy Grid Security.
- (2013) A Case Study: Preparing for the Smart Grids - Identifying Current Practice for Information Security Incident Management in the Power Industry. IMF 2013 - 7th International Conference on IT Security Incident Management and IT Forensics, Nürnberg, Germany, 12-14 March, 2013.
- (2013) A Study of Resilience within Information Security in the Power Industry. Proceedings from IEEE Africon 2013.
- (2013) Threat Modeling of AMI. Critical Information Infrastructures Security 7th International Workshop, CRITIS 2012, Lillehammer, Norway, September 17-18, 2012.
- (2012) Information and Communication Technology (ICT) – Enabling and Challenging Critical Infrastructure. Risk and Interdependencies in Critical Infrastructures. A Guideline for Analysis..
- (2006) Monitoring of Incident Response Management Performance. IT-Incident Management & IT-Forensics - IMF 2006.
- (2014) Informasjonssikkerhet og personvern: Støtte til risikoanalyse av AMS og tilgrensende systemer. 2014. ISBN 978-82-14-05363-0.
- (2012) Risikovurdering av AMS. Kartlegging av informasjonssikkerhetsmessige sårbarheter i AMS. 2012. ISBN 978-82-14-05280-0.