Inger Anne Tøndel

Norwegian University of Science and Technology, Nidaros, Sør-Trøndelag, Norway

Are you Inger Anne Tøndel?

Claim your profile

Publications (40)5.55 Total impact

  • Maria Bartnes Line · Inger Anne Tøndel · Martin G. Jaatun
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper reports on the results of an interview study that surveyed current practices regarding information security incident management in small and large distribution system operators (DSOs) in the Norwegian electric power industry. The findings indicate that current risk perception and preparedness are low, especially among small electricity distribution system operators. Further, small distribution system operators rely heavily on their suppliers should incidents occur. At the same time, small distribution system operators are confident that they can handle the worst-case scenarios. This paper documents current perceptions and discusses the extent to which they are likely to hold given the transition towards smart electric grids. Several recommendations are provided based on the findings and the accompanying discussion. In particular, small distribution system operators should strengthen the collaboration with their information technology (IT) suppliers and other small distribution system operators. Furthermore, distribution system operators in general should establish written documentation of procedures, perform preparedness exercises and improve detection capabilities in control systems.
    No preview · Article · Dec 2015 · International Journal of Critical Infrastructure Protection
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of knowledge gaps related to cyber-insurance as a risk management strategy. These are grouped into three high-level topics; cyber-insurance products, understanding and measuring risk and estimation of consequences. The topics are further divided into 11 knowledge areas with recommendations for further research. The work is based on a study of academic literature and other written materials, such as various reports and newspaper articles. There is a clear lack of empirical data on cyber-insurance, and in particular qualitative studies aiming to understand and describe needs, obstacles and processes relevant for cyber-insurance. We recommend a stronger emphasis on research related to topics that are specific to cyber-insurance, covering decision models for buyers of insurance, barriers for information sharing, impact of cyber-insurance on security, and business models for insurers.
    Full-text · Technical Report · Nov 2015
  • Per Hakon Meland · Inger Anne Tondel · Bjornar Solhaug

    No preview · Article · Nov 2015 · IEEE Security and Privacy Magazine
  • Martin Gilje Jaatun · Inger Anne Tøndel
    [Show abstract] [Hide abstract]
    ABSTRACT: See http://jaatun.no/papers/2015/cloudincident-nonblind-as-submitted.pdf for author version. Outsourcing computing and storage to the cloud does not eliminate the need for handling of information security incidents. However, the long provider chains and unclear responsibilities in the cloud make incident response difficult. In this paper we present results from interviews in critical infrastructure organisations that highlight incident handling needs that would apply to cloud customers, and suggest mechanisms that facilitate inter-provider collaboration in handling of incidents in the cloud, improving the accountability of the cloud service providers.
    No preview · Conference Paper · Aug 2015
  • I.A. Tøndel · M.B. Line · G. Johansen
    [Show abstract] [Hide abstract]
    ABSTRACT: A rich selection of methods for information security risk assessments exist, but few studies evaluate how such methods are used, their perceived ease-of-use, and whether additional support is needed. Distribution system operators (DSOs) find it difficult to perform information security risk assessments of Advanced Metering Infrastructure (AMI). We have performed a case study in order to identify these difficulties and the reasons for them. Our findings indicate that the risk assessment method in itself is not the main challenge. The difficulties regard competence; more specifically, insight in possible information security threats and vulnerabilities, being able to foresee consequences, and making educated guesses about probability. Improved guidelines can be a valuable aid, but including information security experts as participants in the process is even more important.
    No preview · Article · Jan 2015
  • Source
    Inger Anne Tøndel · Maria B. Line · Martin Gilje Jaatun
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper reports results of a systematic literature review on current practice and experiences with incident management, covering a wide variety of organisations. Identified practices are summarised according to the incident management phases of ISO/IEC 27035. The study shows that current practice and experience seem to be in line with the standard. We identify some inspirational examples that will be useful for organisations looking to improve their practices, and highlight which recommended practices generally are challenging to follow. We provide suggestions for addressing the challenges, and present identified research needs within information security incident management.
    Full-text · Article · Sep 2014 · Computers & Security
  • Maria B. Line · Inger Anne Tondel · Martin G. Jaatun
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper reports on an interview study on information security incident management that has been conducted in organizations operating industrial control systems that are highly dependent on conventional IT systems. Six distribution service operators from the power industry have participated in the study. We have investigated current practice regarding planning and preparation activities for incident management, and identified similarities and differences between the two traditions of conventional IT systems and industrial control systems. The findings show that there are differences between the IT and ICS disciplines in how they perceive an information security incident and how they plan and prepare for responding to such. The completeness of documented plans and procedures for incident management varies. Where documentation exists, this is in general not well-established throughout the organization. Training exercises with specific focus on information security are rarely performed. There is a need to create amore unified approach to information security incident management in order for the power industry to be sufficiently prepared to meet the challenges posed by Smart Grids in the near future.
    No preview · Conference Paper · May 2014
  • Martin Gilje Jaatun · Inger Anne Tøndel · Geir M. Køien
    [Show abstract] [Hide abstract]
    ABSTRACT: Also in: Availability, Reliability, and Security in Information Systems and HCI Lecture Notes in Computer Science Volume 8127, 2013, pp 195-207
    No preview · Conference Paper · Sep 2013
  • Karin Bernsmed · I.A. Tøndel
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents a method for evaluating an organization's ability to manage security incidents. The method is based on resilient thinking, and describes how to identify, select and implement early-warning indicators for information security incident management.
    No preview · Conference Paper · Jan 2013
  • Karin Bernsmed · Inger Anne Tondel · Asmund Ahlmann Nyre
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents Privacy Advisor; a software which uses machine-learning techniques to help the users make online privacy decisions. Privacy Advisor is based on Case Based Reasoning (CBR), which relies on the ability to identify similar situations from the past and use these to provide recommendations in new situations. This paper focuses on the algorithms necessary to calculate the similarity of privacy policies. In addition, we provide results from a focus group study on the perceived similarity of data items and data handling purposes from a privacy point of view.
    No preview · Conference Paper · Aug 2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: Privacy Enhancing Technologies (PETs) help to protect the personal information of users. This chapter will discuss challenges and opportunities of PETs in a business context, and present examples of currently available PETs. We will further study the Platform for Privacy Preferences (P3P), and discuss why it so far has failed to deliver on its promise. Finally, we provide our advice on further research on privacy preferences, and conclude with our conviction that businesses need to take a progressive stance on providing privacy to their customers.
    No preview · Chapter · Jan 2012
  • Inger Anne Tøndel
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents a solution for visualization control aimed at public displays used in a hospital setting. The solution controls what is displayed on a screen based on its location and the current time of day. In addition it makes risk/benefit trade-offs based on the quality and newness of the information, as well as its sensitivity and its importance for intended users. The solution can be realized by utilizing an existing publish/subscribe middleware solution.
    No preview · Conference Paper · Oct 2011
  • I.A. Tondel · A.A. Nyre · K. Bernsmed
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected from actual situations. Instead, historical privacy decisions are used as a basis for providing privacy recommendations to users in new situations. The solution also takes into account the reasons why users act as they do, and allows users to benefit from information on the privacy trade-offs made by others.
    No preview · Conference Paper · Sep 2011
  • Source
    Maria B. Line · Inger Anne Tøndel · Erlend Andreas Gjære
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper focuses on access control approaches usable for information sharing through large screens where several individuals are present at the same time. Access control in this setting is quite different from traditional systems where a user logs on to the system. The paper outlines a number of possible approaches to access control, and evaluates them based on criteria derived from risk analyses of a planned coordination system for the perioperative hospital environment. It concludes that future work should focus on extending the location-based approach with situation awareness, and add support for using pop-ups or handheld devices for sharing of the most sensitive information.
    Full-text · Conference Paper · Aug 2011
  • Inger Anne Tøndel · Åsmund Ahlmann Nyre
    [Show abstract] [Hide abstract]
    ABSTRACT: Current approaches to privacy policy comparison use strict evaluation criteria (e.g. user preferences) and are unable to state how close a given policy is to fulfil these criteria. More flexible approaches for policy comparison is a prerequisite for a number of more advanced privacy services, e.g. improved privacy-enhanced search engines and automatic learning of privacy preferences. This paper describes the challenges related to policy comparison, and outlines what solutions are needed in order to meet these challenges in the context of preference learning privacy agents.
    No preview · Conference Paper · Jan 2011
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Large wall-mounted screens placed at locations where health personnel pass by will assist in self-coordination and improve utilisation of both resources and staff at hospitals. The sensitivity level of the information visible on these screens must be adapted to a close-to-public setting, as passers-by may not have the right or need to know anything about patients being treated. We have conducted six informal interviews with health personnel in order to map what kind of information they use when identifying their patients and their next tasks. We have compared their practice and needs to legislative requirements and conclude that it is difficult, if not impossible, to fulfil all requirements from all parties.
    Full-text · Article · Jan 2011 · Studies in health technology and informatics
  • Maria B. Line · Inger Anne Tondel · Martin G. Jaatun
    [Show abstract] [Hide abstract]
    ABSTRACT: The introduction of telecommunication in the energy grid, leading the way towards Smart Grids, challenges the way safe operations have traditionally been assured in the energy sector. New cyber security challenges emerge, especially related to privacy, connectivity and security management, and these need to be properly addressed. Existing cyber security technology and good practice mainly come from the traditional telecommunication environment where the requirements on safety and availability are less strict. For Smart Grids, lessons can be learned from the oil and gas industry on how they have dealt with security challenges in their implementation of integrated operations. Still, Smart Grids face a slightly different reality, due to their extensive geographical distribution and the enormous number of end-users. The contribution of this paper is a survey of cyber security challenges for Smart Grids, together with a roadmap of how these challenges must be addressed in the near future.
    No preview · Article · Jan 2011
  • Jostein Jensen · Inger Anne Tøndel · Per Håkon Meland
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents an experiment on the reusability of threat models, specifically misuse case diagrams. The objective was to investigate the produced and perceived differences when modelling with or without the aid of existing models. 30 participants worked with two case studies using a Latin-squares experimental design. Results show that reuse is the preferred alternative. However, the existing models must be of high quality, otherwise a security risk would arise due to false confidence. Also, reuse of misuse case diagrams is perceived to improve the quality of the new models as well as improve productivity compared to modelling from scratch.
    No preview · Conference Paper · Dec 2010
  • Per Håkon Meland · Inger Anne Tøndel · Jostein Jensen
    [Show abstract] [Hide abstract]
    ABSTRACT: To support software developers in addressing security, we encourage to take advantage of reusable threat models for knowledge sharing and to achieve a general increase in efficiency and quality. This paper presents a controlled experiment with a qualitative evaluation of two approaches supporting threat modelling - reuse of categorised misuse case stubs and reuse of full misuse case diagrams. In both approaches, misuse case threats were coupled with attack trees to give more insight on the attack techniques and how to mitigate them through security use cases. Seven professional software developers from two European software companies took part in the experiment. Participants were able to identify threats and mitigations they would not have identified otherwise. They also reported that both approaches were easy to learn, seemed to improve productivity and that using them were likely to improve their own skills and confidence in the results.
    No preview · Conference Paper · Feb 2010
  • Inger Anne Tøndel · Jostein Jensen · Lillian Røstad
    [Show abstract] [Hide abstract]
    ABSTRACT: Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identified strengths and weaknesses of both model types. In this paper we present how misuse cases and attack trees can be linked to get a high-level view of the threats towards a system through misuse case diagrams and a more detailed view on each threat through attack trees. Further, we introduce links to security activity descriptions in the form of UML activity graphs. These can be used to describe mitigating security activities for each identified threat. The linking of different models makes most sense when security modeling is supported by tools, and we present the concept of a security repository that is being built to store models and relations such as those presented in this paper.
    No preview · Conference Paper · Feb 2010