Background and activities
Karin Bernsmed is an Adjunct Associate Professor at the Department of information Security and Communication Technology since 2012. She also holds a permanent full-time position as a Senior Research Scientist at SINTEF Digital. She has a Ph.D. from the Norwegian University of Science and Technology on the topic security and dependability modelling and evaluation.
Karin has a long experience in cyber security threat and risk assessment, requirements engineering and design of secure and robust ICT systems in a number of different domains, including aviation, maritime and the energy sector. She is a certified ISO/IEC 27001 Lead Implementer.
TTM4185 - Security and robustness in ICT systems (since 2016)
TTM4120 - Dependable systems (2013)
Supervision of Master students
Jens Dovland, "Cyber influence operations in the Norwegian public debate", 2021.
Aleksander Walde og Einar Gaustad Hanus, "The feasibility of AIS- and GNSS-based attacks within the maritime industry", 2020.
Gaute Kleiven, "A holistic approach to e-mail security", 2019.
Nora Futsæter, "Best practices and motivational factors for security in startups", 2019.
Anders Nese, "Improving Security Posture by Learning from Intrusions", 2018.
Henrik Willett. "Security evaluation of communication interfaces on smart meters", 2018.
Isa Agnete Halmøy Fredriksen. "Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port", 2018.
Adrian Alexander Eriksen, "The Risks of Marine Cloud Computing", 2017.
Roy Skoglund, "Perceived Information Security in the Maritime Sector", 2017.
Kine Johnsrud, "The Challenges of Performing IT Security Preparedness Exercises in Organizations", 2016.
Maria Sørlie, "Identifying and evaluating security risk in software based telco", 2015.
Ingrid Graffer, "IT-sikkerhetsberedskapsøvelser i smartgrids", 2015.
- IIK6514 - Introduction to Cyber Security
- TTM4905 - Communication Technology, Master's Thesis
- TTM4185 - Security and robustness in ICT systems
- IIK6515 - Introduction to Cyber Security: Risk Management
- TTM4502 - Communication Technology, Specialization Project
Scientific, academic and artistic work
A selection of recent journal publications, artistic productions, books, including book and report excerpts. See all publications in the database
- (2022) An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects. Journal of Air Transport Management.
- (2021) Adopting threat modelling in agile software development projects. Journal of Systems and Software. vol. 183.
- (2021) On the Certificate Revocation Problem in the Maritime Sector. Lecture Notes in Computer Science (LNCS).
- (2021) A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation. vol. 15 (3).
- (2021) Assessing cyber threats for storyless systems. Journal of Information Security and Applications. vol. 64.
- (2021) A Systematic Mapping Study on Cyber Security Indicator Data. Electronics. vol. 10 (9).
- (2020) The need for a public key infrastructure for automated and autonomous ships. IOP Conference Series: Materials Science and Engineering. vol. 929.
- (2019) Is a Smarter Grid Also Riskier?. Lecture Notes in Computer Science (LNCS). vol. 11738.
- (2019) An experimental evaluation of bow-tie analysis for cybersecurity requirements. Lecture Notes in Computer Science (LNCS). vol. 11387.
- (2019) An experimental evaluation of bow-tie analysis for security. Information and Computer Security. vol. 26 (4).
- (2018) Visualizing cyber security risks with bow-tie diagrams. Lecture Notes in Computer Science (LNCS). vol. 10744.
- (2018) Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. 2018 25th Australasian Software Engineering Conference (ASWEC).
- (2018) Accountability Requirements in the Cloud Provider Chain. Symmetry. vol. 10 (4).
- (2015) A-PPL: An accountability policy language. Lecture Notes in Computer Science (LNCS). vol. 8872.
- (2015) From regulatory obligations to enforceable accountability policies in the cloud. Communications in Computer and Information Science. vol. 512.
- (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK).
- (2015) Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS). vol. 9290.
- (2014) Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers. International Journal of Cloud Computing. vol. 3 (1).
- (2012) Security SLAs - An Idea Whose Time Has Come?. Lecture Notes in Computer Science (LNCS). vol. 7465.
- (2011) Controlled Sharing of Personal Information in Android. NIKT: Norsk IKT-konferanse for forskning og utdanning.