Karin Bernsmed

About

Karin Bernsmed is an Adjunct Associate Professor at the Department of information Security and Communication Technology since 2012. She also holds a permanent full-time position as a Senior Research Scientist at SINTEF Digital. She has a Ph.D. from the Norwegian University of Science and Technology on the topic security and dependability modelling and evaluation.

Karin has a long experience in cyber security threat and risk assessment, requirements engineering and design of secure and robust ICT systems in a number of different domains, including aviation, maritime and the energy sector. She is a certified ISO/IEC 27001 Lead Implementer.

Teaching

TTM4185 - Security and robustness in ICT systems (since 2016)

TTM4120 - Dependable systems (2013)

Supervision of Master students

Jens Dovland, "Cyber influence operations in the Norwegian public debate", 2021.

Aleksander Walde og Einar Gaustad Hanus, "The feasibility of AIS- and GNSS-based attacks within the maritime industry", 2020.

Gaute Kleiven, "A holistic approach to e-mail security", 2019.

Nora Futsæter, "Best practices and motivational factors for security in startups", 2019.

Anders Nese, "Improving Security Posture by Learning from Intrusions", 2018.

Henrik Willett. "Security evaluation of communication interfaces on smart meters", 2018.

Isa Agnete Halmøy Fredriksen. "Cyber Security in Smart Meters: Vulnerability Investigation in the Home Area Network Port", 2018.

Adrian Alexander Eriksen, "The Risks of Marine Cloud Computing", 2017.

Roy Skoglund, "Perceived Information Security in the Maritime Sector", 2017.

Kine Johnsrud, "The Challenges of Performing IT Security Preparedness Exercises in Organizations", 2016.

Maria Sørlie, "Identifying and evaluating security risk in software based telco", 2015.

Ingrid Graffer, "IT-sikkerhetsberedskapsøvelser i smartgrids", 2015.

Publications

2023

Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje. (2023) A continuous OT cybersecurity risk analysis and Mitigation process. Research Publishing Services
Academic chapter/article/Conference paper
Okstad, Eivind Halvard; Bains, Robert; Mewcha, Abera Hailu; Flå, Lars Halvdan; Bernsmed, Karin Elisabeth. (2023) Cybersecurity in railway - alternatives of independent assessors’ involvement in cybersecurity assurance. Research Publishing Services
Academic chapter/article/Conference paper

2022

Bernsmed, Karin; Bour, Guillaume; Lundgren, Martin; Bergström, Erik. (2022) An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects. Journal of Air Transport Management
Academic article

2021

Meland, Per Håkon; Tokas, Shukun; Erdogan, Gencer; Bernsmed, Karin; Omerovic, Aida. (2021) A Systematic Mapping Study on Cyber Security Indicator Data. Electronics
Academic literature review
Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao. (2021) D2.3 CySiMS Cyber Event Exercise Handbook. SINTEF Rapport (2021:00319)
Report
Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) D2.2 Updated cyber risk assessment for the maritime industry. SINTEF Rapport (2021:00341)
Report
Bernsmed, Karin; Bour, Guillaume; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao; Wille, Egil. (2021) D4.3 Multi-modal communication - Securing future communication across different sectors and technologies. SINTEF Rapport (2021:00314)
Report
Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation
Academic article
Bernsmed, Karin; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Iovan, Monica. (2021) Adopting threat modelling in agile software development projects. Journal of Systems and Software
Academic article
Nesheim, Dag Atle; Bernsmed, Karin; Zernichow, Bjørn Marius von; Rødseth, Ørnulf Jan; Meland, Per Håkon. (2021) Secure, Trustworthy and Efficient Information Exchange – Enabling Added Value through The Maritime Data Space and Public Key Infrastructure. Technische Universität Hamburg-Harburg
Academic chapter/article/Conference paper
Meland, Per Håkon; Sindre, Guttorm; Bernsmed, Karin; Jaccheri, Letizia. (2021) Storyless cyber security: Modelling threats with economic incentives. Doctoral theses at NTNU (329)
Doctoral dissertation
Grigoriadis, Christos; Papastergiou, Spyridon; Kotzanikolaou, Panayiotis; Douligeris, Christos; Dionysiou, Antreas; Elias, Athanasopoulos. (2021) Integrating and Validating Maritime Transport Security Services: Initial Results from the CS4EU Demonstrator. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm. (2021) Assessing cyber threats for storyless systems. Journal of Information Security and Applications
Academic article
Bernsmed, Karin; Meland, Per Håkon; Wille, Egil; Borgaonkar, Ravishankar Bhaskarrao; Bour, Guillaume. (2021) Security challenges in multi-modal communication.
Academic chapter/article/Conference paper
Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle; Rødseth, Ørnulf Jan; Midtun, Birthe; Goff, Lacie Maura. (2021) Eksplosiv økning i cyberangrepsforsøk i maritim sektor under korona.
Website (informational material)
Bour, Guillaume; Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao; Meland, Per Håkon. (2021) On the Certificate Revocation Problem in the Maritime Sector. Lecture Notes in Computer Science (LNCS)
Academic article
JAATUN, Martin Gilje; Wille, Egil; Bernsmed, Karin; Kilskar, Stine Skaufel. (2021) Grunnprinsipper for IKT-sikkerhet i industrielle IKT-systemer. SINTEF Rapport (2021:00055)
Report

2020

Cruzes, Daniela Soares; Jaatun, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin. (2020) Sju steg til bedre programvaresikkerhet. ComputerWorld Norge
Feature article
Rødseth, Ørnulf Jan; Frøystad, Christian; Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle. (2020) The need for a public key infrastructure for automated and autonomous ships. IOP Conference Series: Materials Science and Engineering
Academic article
Øien, Knut; Bernsmed, Karin; Petersen, Stig. (2020) Kommunikasjonssystemer for ekstern nødkommunikasjon. SINTEF akademisk forlag SINTEF Rapport (2020:01349)
Report

2019

Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian. (2019) Is a Smarter Grid Also Riskier?. Lecture Notes in Computer Science (LNCS)
Academic article
Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for security. Information and Computer Security
Academic article
Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for cybersecurity requirements. Lecture Notes in Computer Science (LNCS)
Academic article
Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Threat modelling and agile software development: Identified practice in four Norwegian organisations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Rindell, Kalle; Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Managing Security in Software Or: How I Learned to Stop Worrying and Manage the Security Technical Debt. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Jaatun, Martin Gilje; Bernsmed, Karin; Cruzes, Daniela Soares; Tøndel, Inger Anne. (2019) Threat Modeling in Modern Software Development. IGI Global
Academic chapter/article/Conference paper

2018

Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2018) Safety Critical Software and Security - How Low Can You Go?. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne. (2018) Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. 2018 25th Australasian Software Engineering Conference (ASWEC)
Academic article
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2018) Accountability Requirements in the Cloud Provider Chain. Symmetry
Academic article
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan. (2018) Visualizing cyber security risks with bow-tie diagrams. Lecture Notes in Computer Science (LNCS)
Academic article

2017

Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre. (2017) Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon. (2017) Protecting Future Maritime Communication. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2017) Accountability requirements for the cloud. IEEE conference proceedings
Academic chapter/article/Conference paper

2016

Bernsmed, Karin. (2016) Applying Privacy by Design in Software Engineering - An European Perspective. International Academy, Research and Industry Association (IARIA)
Academic chapter/article/Conference paper

2015

Nordland, Odd; Sujan, Mark Alexander; Koornneef, Floor; Bernsmed, Karin. (2015) Assurance requirements for networked medical sensor applications. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Benghabrit, Walid; Grall, Hervé; Royer, Jean Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2015) From regulatory obligations to enforceable accountability policies in the cloud. Communications in Computer and Information Science (CCIS)
Academic article
Gjære, Erlend Andreas; Jaatun, Martin Gilje; Meland, Per Håkon; Tøndel, Inger Anne; Bernsmed, Karin; Moe, Marie Elisabeth Gaup. (2015) Blogg fra SINTEF forskningsgruppe informasjonssikkerhet.
Website (informational material)
Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin. (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK)
Academic article
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2015) Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services . SINTEF Rapport (A27131)
Report
Jaatun, Martin Gilje; Cruzes, Daniela Soares; Bernsmed, Karin; Tøndel, Inger Anne; Røstad, Lillian. (2015) Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS)
Academic article
Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; De Oliveira, Anderson Santana; Sendor, Jakub. (2015) A-PPL: An accountability policy language. Lecture Notes in Computer Science (LNCS)
Academic article

2014

Gjære, Erlend Andreas; Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2014) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)
Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2014) A Cloud Accountability Policy Representation Framework. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; Hon, W.K; Millard, Christopher. (2014) Deploying medical sensor networks in the cloud - Accountability obligations from a european perspective. IEEE conference proceedings
Academic chapter/article/Conference paper
Bernsmed, Karin; Fischer-Hübner, Simone. (2014) Secure IT Systems; 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings. Springer Lecture Notes in Computer Science (LNCS) (8788)
Academic anthology/Conference proceedings
Bernsmed, Karin; Cruzes, Daniela Soares; Jaatun, Martin Gilje; Haugset, Børge; Gjære, Erlend Andreas. (2014) Healthcare Services in the Cloud -- Obstacles to Adoption, and a Way Forward. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Hove, Cathrine; Tårnes, Marte; Line, Maria Bartnes; Bernsmed, Karin. (2014) Information security incident management: Identified practice in large organizations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bernsmed, Karin. (2014) Accountable Health Care Service Provisioning in the Cloud. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Bernsmed, Karin; Santana De Oliviera, Anderson. (2014) Abstract Accountability Language. Springer
Academic chapter/article/Conference paper
Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Castejon, Humberto Nicolas; Undheim, Astrid. (2014) Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers. International Journal of Cloud Computing
Academic article
Jaatun, Martin Gilje; Bernsmed, Karin; Rong, Chunming. (2014) Security Governance and SLAs in Cloud Computing. International Journal of Cloud Computing
Editorial

2013

Bernsmed, Karin; Undheim, Astrid; Meland, Per Håkon; Jaatun, Martin Gilje. (2013) Towards an Ontology for Cloud Security Obligations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Frtunic, Milena; Jovanovic, Filip; Gligorijvic, Mladen; Dordevic, Lazar; Janicijevic, Srecko; Meland, Per Håkon. (2013) CloudSurfer - A Cloud Broker Application for Security Concerns. SciTePress
Academic chapter/article/Conference paper
Meland, Per Håkon; Gjære, Erlend Andreas; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne; Jaatun, Martin Gilje; Line, Maria Bartnes. (2013) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)
Bernsmed, Karin; Tøndel, Inger Anne. (2013) Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper

2012

JAATUN, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin; Nyre, Åsmund Ahlmann. (2012) Privacy Enhancing Technologies for Information Control. IGI Global
Academic chapter/article/Conference paper
Bernsmed, Karin; Jaatun, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2012) Thunder in the Clouds: Security Challenges and Solutions for Federated Clouds. IEEE conference proceedings
Academic chapter/article/Conference paper
Jaatun, Martin Gilje; Bernsmed, Karin; Undheim, Astrid. (2012) Security SLAs - An Idea Whose Time Has Come?. Lecture Notes in Computer Science (LNCS)
Academic article
Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Undheim, Astrid; Castejon, Humberto Nicolas. (2012) Expressing Cloud Security Requirements in Deontic Contract Languages. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; Tøndel, Inger Anne; Nyre, Åsmund Ahlmann. (2012) Design and implementation of a CBR-based privacy agent. IEEE conference proceedings
Academic chapter/article/Conference paper
Line, Maria Bartnes; Jaatun, Martin Gilje; Tøndel, Inger Anne; Meland, Per Håkon; Jensen, Jostein; Gjære, Erlend Andreas. (2012) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)

2011

Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Learning Privacy Preferences. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Controlled Sharing of Personal Information in Android. NIKT: Norsk IKT-konferanse for forskning og utdanning
Academic article
Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian. (2011) A server-side approach to privacy policy matching. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bernsmed, Karin; Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje. (2011) User agents for matching privacy policies with user preferences. IEEE conference proceedings
Academic chapter/article/Conference paper
Bernsmed, Karin; JAATUN, Martin Gilje; Undheim, Astrid. (2011) Security in Service Level Agreements for Cloud Computing. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; JAATUN, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2011) Security SLAs for Federated Cloud Services. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper

2007

Sallhammar, Karin. (2007) Stochastic Models for Combined Security and Dependability Evaluation. Doktoravhandlinger ved NTNU (2007:150)
Doctoral dissertation
Helvik, Bjarne Emil; Sallhammar, Karin; Knapskog, Svein Johan. (2007) Integrated Dependability and Security Evaluation Using Game Theory and Markov Models. Elsevier
Academic chapter/article/Conference paper
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2007) A Framework for Predicting Security and Dependability Measures in Real-time. International Journal of Computer Science and Network Security
Academic article

2006

Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) Towards a Stochastic Model for Integrated Security and Dependability Evaluation. IEEE (Institute of Electrical and Electronics Engineers)
Other
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) On Stochastic Modeling for Integrated Security and Dependability Evaluation. Journal of Networks
Academic article

2005

Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Teaching Information Security by Software Laboratory Didactics.
Academic chapter/article/Conference paper
Houmb, Siv Hilde; Sallhammar, Karin. (2005) Modeling System Integrity of a Security Critical System Using Colored Petri Nets. WIT Press
Academic chapter/article/Conference paper
Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Using Stochastic Game Theory to Compute the Expected Behavior of Attackers. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2005) Incorporating Attacker Behavior in Stochastic Models of Security. CSREA Press
Academic chapter/article/Conference paper
Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Web security laboratory didactics. IADAT Journal of Advanced Technology
Academic article
Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Building a Stochastic Model for Security and Trust Assessment Evaluation. ERCIM News
Academic article
Årnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie Elisabeth Gaup; Knapskog, Svein Johan. (2005) Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. Lecture Notes in Computer Science (LNCS)
Academic article

2004

Sallhammar, Karin; Knapskog, Svein Johan. (2004) Using Game Theory in Stochastic Models for Quantifying Security.
Academic chapter/article/Conference paper

Journal publications

Bernsmed, Karin; Bour, Guillaume; Lundgren, Martin; Bergström, Erik. (2022) An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects. Journal of Air Transport Management
Academic article
Meland, Per Håkon; Tokas, Shukun; Erdogan, Gencer; Bernsmed, Karin; Omerovic, Aida. (2021) A Systematic Mapping Study on Cyber Security Indicator Data. Electronics
Academic literature review
Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation
Academic article
Bernsmed, Karin; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Iovan, Monica. (2021) Adopting threat modelling in agile software development projects. Journal of Systems and Software
Academic article
Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm. (2021) Assessing cyber threats for storyless systems. Journal of Information Security and Applications
Academic article
Bour, Guillaume; Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao; Meland, Per Håkon. (2021) On the Certificate Revocation Problem in the Maritime Sector. Lecture Notes in Computer Science (LNCS)
Academic article
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin. (2020) Sju steg til bedre programvaresikkerhet. ComputerWorld Norge
Feature article
Rødseth, Ørnulf Jan; Frøystad, Christian; Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle. (2020) The need for a public key infrastructure for automated and autonomous ships. IOP Conference Series: Materials Science and Engineering
Academic article
Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian. (2019) Is a Smarter Grid Also Riskier?. Lecture Notes in Computer Science (LNCS)
Academic article
Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for security. Information and Computer Security
Academic article
Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for cybersecurity requirements. Lecture Notes in Computer Science (LNCS)
Academic article
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne. (2018) Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. 2018 25th Australasian Software Engineering Conference (ASWEC)
Academic article
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2018) Accountability Requirements in the Cloud Provider Chain. Symmetry
Academic article
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan. (2018) Visualizing cyber security risks with bow-tie diagrams. Lecture Notes in Computer Science (LNCS)
Academic article
Benghabrit, Walid; Grall, Hervé; Royer, Jean Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2015) From regulatory obligations to enforceable accountability policies in the cloud. Communications in Computer and Information Science (CCIS)
Academic article
Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin. (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK)
Academic article
Jaatun, Martin Gilje; Cruzes, Daniela Soares; Bernsmed, Karin; Tøndel, Inger Anne; Røstad, Lillian. (2015) Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS)
Academic article
Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; De Oliveira, Anderson Santana; Sendor, Jakub. (2015) A-PPL: An accountability policy language. Lecture Notes in Computer Science (LNCS)
Academic article
Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Castejon, Humberto Nicolas; Undheim, Astrid. (2014) Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers. International Journal of Cloud Computing
Academic article
Jaatun, Martin Gilje; Bernsmed, Karin; Rong, Chunming. (2014) Security Governance and SLAs in Cloud Computing. International Journal of Cloud Computing
Editorial
Jaatun, Martin Gilje; Bernsmed, Karin; Undheim, Astrid. (2012) Security SLAs - An Idea Whose Time Has Come?. Lecture Notes in Computer Science (LNCS)
Academic article
Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Controlled Sharing of Personal Information in Android. NIKT: Norsk IKT-konferanse for forskning og utdanning
Academic article
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2007) A Framework for Predicting Security and Dependability Measures in Real-time. International Journal of Computer Science and Network Security
Academic article
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) On Stochastic Modeling for Integrated Security and Dependability Evaluation. Journal of Networks
Academic article
Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Web security laboratory didactics. IADAT Journal of Advanced Technology
Academic article
Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Building a Stochastic Model for Security and Trust Assessment Evaluation. ERCIM News
Academic article
Årnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie Elisabeth Gaup; Knapskog, Svein Johan. (2005) Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. Lecture Notes in Computer Science (LNCS)
Academic article

Books

Bernsmed, Karin; Fischer-Hübner, Simone. (2014) Secure IT Systems; 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings. Springer Lecture Notes in Computer Science (LNCS) (8788)
Academic anthology/Conference proceedings

Part of book/report

Hanssen, Geir Kjetil; Thieme, Christoph Alexander; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje. (2023) A continuous OT cybersecurity risk analysis and Mitigation process. Research Publishing Services
Academic chapter/article/Conference paper
Okstad, Eivind Halvard; Bains, Robert; Mewcha, Abera Hailu; Flå, Lars Halvdan; Bernsmed, Karin Elisabeth. (2023) Cybersecurity in railway - alternatives of independent assessors’ involvement in cybersecurity assurance. Research Publishing Services
Academic chapter/article/Conference paper
Nesheim, Dag Atle; Bernsmed, Karin; Zernichow, Bjørn Marius von; Rødseth, Ørnulf Jan; Meland, Per Håkon. (2021) Secure, Trustworthy and Efficient Information Exchange – Enabling Added Value through The Maritime Data Space and Public Key Infrastructure. Technische Universität Hamburg-Harburg
Academic chapter/article/Conference paper
Grigoriadis, Christos; Papastergiou, Spyridon; Kotzanikolaou, Panayiotis; Douligeris, Christos; Dionysiou, Antreas; Elias, Athanasopoulos. (2021) Integrating and Validating Maritime Transport Security Services: Initial Results from the CS4EU Demonstrator. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Bernsmed, Karin; Meland, Per Håkon; Wille, Egil; Borgaonkar, Ravishankar Bhaskarrao; Bour, Guillaume. (2021) Security challenges in multi-modal communication.
Academic chapter/article/Conference paper
Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Threat modelling and agile software development: Identified practice in four Norwegian organisations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Rindell, Kalle; Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Managing Security in Software Or: How I Learned to Stop Worrying and Manage the Security Technical Debt. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Jaatun, Martin Gilje; Bernsmed, Karin; Cruzes, Daniela Soares; Tøndel, Inger Anne. (2019) Threat Modeling in Modern Software Development. IGI Global
Academic chapter/article/Conference paper
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2018) Safety Critical Software and Security - How Low Can You Go?. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre. (2017) Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon. (2017) Protecting Future Maritime Communication. Association for Computing Machinery (ACM)
Academic chapter/article/Conference paper
Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2017) Accountability requirements for the cloud. IEEE conference proceedings
Academic chapter/article/Conference paper
Bernsmed, Karin. (2016) Applying Privacy by Design in Software Engineering - An European Perspective. International Academy, Research and Industry Association (IARIA)
Academic chapter/article/Conference paper
Nordland, Odd; Sujan, Mark Alexander; Koornneef, Floor; Bernsmed, Karin. (2015) Assurance requirements for networked medical sensor applications. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar. (2014) A Cloud Accountability Policy Representation Framework. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; Hon, W.K; Millard, Christopher. (2014) Deploying medical sensor networks in the cloud - Accountability obligations from a european perspective. IEEE conference proceedings
Academic chapter/article/Conference paper
Bernsmed, Karin; Cruzes, Daniela Soares; Jaatun, Martin Gilje; Haugset, Børge; Gjære, Erlend Andreas. (2014) Healthcare Services in the Cloud -- Obstacles to Adoption, and a Way Forward. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Hove, Cathrine; Tårnes, Marte; Line, Maria Bartnes; Bernsmed, Karin. (2014) Information security incident management: Identified practice in large organizations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bernsmed, Karin. (2014) Accountable Health Care Service Provisioning in the Cloud. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Benghabrit, Walid; Grall, Hervé; Royer, Jean-Claude; Sellami, Mohamed; Bernsmed, Karin; Santana De Oliviera, Anderson. (2014) Abstract Accountability Language. Springer
Academic chapter/article/Conference paper
Bernsmed, Karin; Undheim, Astrid; Meland, Per Håkon; Jaatun, Martin Gilje. (2013) Towards an Ontology for Cloud Security Obligations. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Frtunic, Milena; Jovanovic, Filip; Gligorijvic, Mladen; Dordevic, Lazar; Janicijevic, Srecko; Meland, Per Håkon. (2013) CloudSurfer - A Cloud Broker Application for Security Concerns. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; Tøndel, Inger Anne. (2013) Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
JAATUN, Martin Gilje; Tøndel, Inger Anne; Bernsmed, Karin; Nyre, Åsmund Ahlmann. (2012) Privacy Enhancing Technologies for Information Control. IGI Global
Academic chapter/article/Conference paper
Bernsmed, Karin; Jaatun, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2012) Thunder in the Clouds: Security Challenges and Solutions for Federated Clouds. IEEE conference proceedings
Academic chapter/article/Conference paper
Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Undheim, Astrid; Castejon, Humberto Nicolas. (2012) Expressing Cloud Security Requirements in Deontic Contract Languages. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; Tøndel, Inger Anne; Nyre, Åsmund Ahlmann. (2012) Design and implementation of a CBR-based privacy agent. IEEE conference proceedings
Academic chapter/article/Conference paper
Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Learning Privacy Preferences. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian. (2011) A server-side approach to privacy policy matching. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Bernsmed, Karin; Nyre, Åsmund Ahlmann; JAATUN, Martin Gilje. (2011) User agents for matching privacy policies with user preferences. IEEE conference proceedings
Academic chapter/article/Conference paper
Bernsmed, Karin; JAATUN, Martin Gilje; Undheim, Astrid. (2011) Security in Service Level Agreements for Cloud Computing. SciTePress
Academic chapter/article/Conference paper
Bernsmed, Karin; JAATUN, Martin Gilje; Meland, Per Håkon; Undheim, Astrid. (2011) Security SLAs for Federated Cloud Services. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Helvik, Bjarne Emil; Sallhammar, Karin; Knapskog, Svein Johan. (2007) Integrated Dependability and Security Evaluation Using Game Theory and Markov Models. Elsevier
Academic chapter/article/Conference paper
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) Towards a Stochastic Model for Integrated Security and Dependability Evaluation. IEEE (Institute of Electrical and Electronics Engineers)
Other
Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Teaching Information Security by Software Laboratory Didactics.
Academic chapter/article/Conference paper
Houmb, Siv Hilde; Sallhammar, Karin. (2005) Modeling System Integrity of a Security Critical System Using Colored Petri Nets. WIT Press
Academic chapter/article/Conference paper
Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Using Stochastic Game Theory to Compute the Expected Behavior of Attackers. IEEE (Institute of Electrical and Electronics Engineers)
Academic chapter/article/Conference paper
Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2005) Incorporating Attacker Behavior in Stochastic Models of Security. CSREA Press
Academic chapter/article/Conference paper
Sallhammar, Karin; Knapskog, Svein Johan. (2004) Using Game Theory in Stochastic Models for Quantifying Security.
Academic chapter/article/Conference paper

Report

Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao. (2021) D2.3 CySiMS Cyber Event Exercise Handbook. SINTEF Rapport (2021:00319)
Report
Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle. (2021) D2.2 Updated cyber risk assessment for the maritime industry. SINTEF Rapport (2021:00341)
Report
Bernsmed, Karin; Bour, Guillaume; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao; Wille, Egil. (2021) D4.3 Multi-modal communication - Securing future communication across different sectors and technologies. SINTEF Rapport (2021:00314)
Report
Meland, Per Håkon; Sindre, Guttorm; Bernsmed, Karin; Jaccheri, Letizia. (2021) Storyless cyber security: Modelling threats with economic incentives. Doctoral theses at NTNU (329)
Doctoral dissertation
JAATUN, Martin Gilje; Wille, Egil; Bernsmed, Karin; Kilskar, Stine Skaufel. (2021) Grunnprinsipper for IKT-sikkerhet i industrielle IKT-systemer. SINTEF Rapport (2021:00055)
Report
Øien, Knut; Bernsmed, Karin; Petersen, Stig. (2020) Kommunikasjonssystemer for ekstern nødkommunikasjon. SINTEF akademisk forlag SINTEF Rapport (2020:01349)
Report
Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje. (2015) Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services . SINTEF Rapport (A27131)
Report
Sallhammar, Karin. (2007) Stochastic Models for Combined Security and Dependability Evaluation. Doktoravhandlinger ved NTNU (2007:150)
Doctoral dissertation

INFORMASJONSMATR

Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle; Rødseth, Ørnulf Jan; Midtun, Birthe; Goff, Lacie Maura. (2021) Eksplosiv økning i cyberangrepsforsøk i maritim sektor under korona.
Website (informational material)
Gjære, Erlend Andreas; Jaatun, Martin Gilje; Meland, Per Håkon; Tøndel, Inger Anne; Bernsmed, Karin; Moe, Marie Elisabeth Gaup. (2015) Blogg fra SINTEF forskningsgruppe informasjonssikkerhet.
Website (informational material)
Gjære, Erlend Andreas; Tøndel, Inger Anne; Jaatun, Martin Gilje; Meland, Per Håkon; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2014) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)
Meland, Per Håkon; Gjære, Erlend Andreas; Nyre, Åsmund Ahlmann; Tøndel, Inger Anne; Jaatun, Martin Gilje; Line, Maria Bartnes. (2013) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)
Line, Maria Bartnes; Jaatun, Martin Gilje; Tøndel, Inger Anne; Meland, Per Håkon; Jensen, Jostein; Gjære, Erlend Andreas. (2012) Infosec - Blogg fra faggruppe for informasjonssikkerhet, SINTEF IKT.
Website (informational material)

Teaching

Courses

Media

2023

Academic lecture

Thieme, Christoph Alexander; Hanssen, Geir Kjetil; Bjarkø, Andrea Vik; Lundteigen, Mary Ann; Bernsmed, Karin Elisabeth; Jaatun, Martin Gilje. (2023) A continuous cybersecurity risk analysis and mitigation process. Mário P. Brito, Terje Aven, Piero Baraldi, Marko Čepin and Enrico Zio 33rd European Safety and Reliability Conference (ESREL 2023) , Southampton 2023-09-03 - 2023-09-07

2021

Academic lecture

Nesheim, Dag Atle; Bernsmed, Karin; Zernichow, Bjørn Marius von; Rødseth, Ørnulf Jan; Meland, Per Håkon. (2021) Secure, Trustworthy and Efficient Information Exchange – Enabling Added Value through the Maritime Data Space and Public Key Infrastructure. Hamburg University of Technology, COMPIT’21 - 20th Conference on Computer and IT Applications in the Maritime Industries 2021-08-09 - 2021-08-10
Lecture

Nesheim, Dag Atle; Bernsmed, Karin; Zernichow, Bjørn Marius von; Rødseth, Ørnulf Jan; Meland, Per Håkon. (2021) Secure, Trustworthy and Efficient Information Exchange – Enabling Added Value through The Maritime Data Space and Public Key Infrastructure. Computer Applications and Information Technology in the Maritime Industries 20th International Conference on Computer Applications and Information Technology in the Maritime Industries , Mülheim, Tyskland 2021-08-09 - 2021-08-10

2019

Poster

Bernsmed, Karin; Bour, Guillaume. (2019) Ensuring ATM cyber security by applying SecRAM. SESAr Innovation Days 2019-12-03 - 2019-12-05
Lecture

Bernsmed, Karin. (2019) Sikre løsninger for digital kommunikasjonen mellom fly og bakke. ISF Sikkerhetsfestivalen 2019 , Lillehammer 2019-08-26 - 2019-08-28
Lecture

Bernsmed, Karin. (2019) The CySiMS PKI. SESAME2 STM + CySiMS workshop 2019-08-13 - 2019-08-13

2018

Lecture

Bernsmed, Karin. (2018) Hjelp vi flyr!. Den Norske Dataforening Sikkerhet & sårbarhet 2018 , Trondheim 2018-05-08 - 2018-05-09

2017

Popular scientific lecture

Bernsmed, Karin. (2017) Clear skies ahead: re(se)a(r)ch for the sky. Jenteprosjektet ADA, NTNU PhD-fest , Trondheim 2017-03-01 - 2017-03-01

2014

Poster

Bernsmed, Karin. (2014) OPTET: Secure and trustworty services. University of Tromsø NordSec 2014 , Tromsø 2014-10-15 - 2014-10-17
Lecture

Bernsmed, Karin. (2014) Medisinske sensordata i skyen: Vi tar ansvaret!. Den Norske Dataforening Helsedata i skyen: Friskt tiltak eller helt sykt? , Trondheim 2014-02-25 - 2014-02-25
Academic lecture

Bernsmed, Karin. (2014) Security, privacy and accountability in cloud-based medical sensor networks. TU Delft International workshop on safety & security of (wireless) medical sensor networks , Delft, the Netherlands 2014-01-21 -

2013

Lecture

Bernsmed, Karin. (2013) Hvordan vet vi at dataene er trygge?. Telenor Research and Innovation Cloud computing , Oslo 2013-06-06 - 2013-06-06

2012

Popular scientific lecture

Bernsmed, Karin. (2012) Cloud Computing. Juristenes Utdanningssenter Det årlige IKT-rettskurset , Sandefjord 2012-02-15 - 2012-02-16

2011

Popular scientific lecture

Bernsmed, Karin. (2011) Days of Thunder: Security challenges in the Clouds. Telenor Telenor Cloud Security Workshop , Oslo 2011-11-30 - 2011-11-30

2010

Lecture

Bernsmed, Karin. (2010) Security in Cloud Computing. Telenor Telenor Cloud Computing Workshop 2010-11-09 - 2010-11-09

2006

Academic lecture

Sallhammar, Karin. (2006) Towards a Stochastic Model for Integrated Security and Dependability Evaluation. The First International Conference on Availability, Reliability and Security (AReS 2006) , Vienna 2006-04-20 - 2006-04-22
Academic lecture

Årnes, Andre; Sallhammar, Karin; Haslum, Kjetil; Knapskog, Svein Johan. (2006) Real-time Risk Assessment with Network Sensors and Hidden Markov Models. Linköping Univeristet 11th Nordic Workshop on Secure IT Systems , Linköping 2006-10-19 - 2006-10-20
Academic lecture

Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) A Game-theoretic Approach to Stochastic Security and Dependability Evaluation. The 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC'06) , Indiana 2006-09-29 - 2006-10-01

2005

Academic lecture

Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Using Stochastic Game Theory to Compute the Expected Behavior of Attackers. The International Symposium on Applications and the Internet (SAINT 2005) Workshops , Trento 2005-02-01 - 2005-02-03
Poster

Sallhammar, Karin. (2005) Stochastic models for security assessment. CIRM Spring School on Security , Marseille 2005-04-25 - 2005-04-29
Academic lecture

Årnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie Elisabeth Gaup; Knapskog, Svein Johan. (2005) Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. 2005 International Conference on Computational Intelligence and Security (CIS-05) , Xi'an 2005-12-15 - 2005-12-19
Academic lecture

Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Teaching Information Security by Software Laboratory Didactics. IADAT IADAT-e2005 International Conference on Education , Biarritz 2005-07-07 - 2005-07-09
Academic lecture

Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2005) Incorporating Attacker Behavior in Stochastic Models of Security. Proceedings of the 2005 International Conference on Security and Management (SAM'05) , Las Vegas 2005-06-20 - 2005-06-22
Academic lecture

Houmb, Siv Hilde; Sallhammar, Karin. (2005) Modeling System Integrity of a Security Critical System Using Colored Petri Nets. Proceedings of Safety and Security Engineering (Safe 2005) , Roma 2005-06-13 - 2005-06-15

2004

Academic lecture

Sallhammar, Karin; Knapskog, Svein Johan. (2004) Using Game Theory in Stochastic Models for Quantifying Security. The 9th Nordic Workshop on Secure IT Systems (NORDSEC 2004) , Espoo 2004-11-01 - 2004-11-03

Språkvelger

Karin Bernsmed

Karin Bernsmed

About

Teaching

Supervision of Master students

Publications

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2007

2006

2005

2004

Journal publications

Books

Part of book/report

Report

INFORMASJONSMATR

Teaching

Courses

Media

2023

2021

2019

2018

2017

2014

2013

2012

2011

2010

2006

2005

2004