AGRA Dissemination

Books

• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Cyber-risk management. Springer, 2015.

Articles

• Vetle Volden-Freberg, Gencer Erdogan. An empirical study on the comprehensibility of graphical security risk models based on sequence diagrams. To appear in Proc. 13th International Conference on Risks and Security (CRISIS'18).
• Roman Wirtz, Maritta Heisel, Angela Borchert, Rene Meis, Aida Omerovic, Ketil Stølen. Risk-based elicitation of security requirements according to the ISO 27005 standard. To appear in Communications in Computer and Information Science, Springer.
• Roman Wirtz, Maritta Heisel, Rene Meis, Aida Omerovic, Ketil Stølen. Problem-based elicitation of security requirements: The ProCOR method. In Proc. 13th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE'18), pages 26-38, SCITEPRESS, 2018.
• Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, Ole Petter Rosland. Risk-based decision support model for offshore installations. In Business Systems Research Journal, Vol. 9, No. 2, 2018.
• Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, Ole Petter Rosland. Experiences from developing an algorithm to support risk-based decisions for offshore installations. In Proc. 14th International Symposium on Operational Research (SOR'17). Slovenian Society Informatika, Section for Operational Research, pages 167-173, 2017.
• Gencer Erdogan, Ketil Stølen. Design decisions in the development of a graphical language for risk-driven security testing. In Proc. 4th Workshop on Risk Assessment and Risk-Driven Quality Assurance (RISK'16), LNCS 10224, pages 99-114, 2017.
• Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Mandatory and potential choice: Comparing Event-B and STAIRS. In book titled From Action System to Distributed Systems: The Refinement Approach, pages 15-28, CRC Press, 2016.
• Gencer Erdogan, Ketil Stølen, Jan Øyvind Aagedal. Evaluation of the CORAL approach for risk-driven security testing based on an industrial case study. In Proc. 2nd International Conference on Information Systems Security and Privacy (ICISSP'16), pages 219-226, 2016.
• Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jon Hofstad, Jan Øyvind Aagedal. Assessing the usefulness of testing for validating and correcting security risk models based on two industrial case studies. In International Journal of Secure Software Engineering, volume 6, pages 90-112, 2015.

Press Contributions

• Interview of Aida Omerovic on security and risk management titled "Roter du det til her er du ferdig. Punktum." published by TirsdagMorgen (April 4, 2018) and Norwegian Computer Society (April 9, 2018).
• Ketil Stølen. Tingenes internett – Et gode, men også en trussel for nasjonen. Teknisk Ukeblad, May 23, 2017.
• Ketil Stølen. Tillitsledelse – Hva er det, egentlig? Dagens Perspektiv, March 28, 2017.
• Ketil Stølen. Personvern og kybersikkerhet går ikke hånd i hånd. Computerworld, No. 7, 2017.

Proceedings

• Peng Lui, Sjouke Mauw, Ketil Stølen (Eds.). Proceedings of 4th International Workshop on Graphical Models for Security (GraMSec'17). Santa Barbara, CA, USA, August 21, 2017. LNCS 10744, Springer, 2018.

Academic Seminars

• Ketil Stølen. Co-organizer Gemini IoT Center PhD Seminar. NTNU, Trondheim, June 20, 2018.
• Ketil Stølen. PC co-chair GraMSec'17 – 4th International Workshop on Graphical Models for Security, Santa Barbara, CA, USA, August 21, 2017.
• Ketil Stølen. Co-organizer Lorentz-seminar on Adversial Risk Analysis for Critical Infrastructure, Leiden, the Netherlands, May 23, 2016.

Public Seminars organized by Ketil Stølen

• Tingenes internett og utvikling av sikre og smarte systemer. Oslo, 25. oktober, 2018
• Det fremtidige "mennesket". Oslo, June 13, 2018.
• Tingenes internett og sikkerhet. Oslo, December 14, 2017.
• Aggregering av risiko – Hva fungerer i praksis. Oslo, April 4, 2017.
• Cybersikkerhet og personvern – Hånd i hånd eller hver for seg? Oslo, November 9, 2016.
• Personvern i vårt cyberspacebaserte samfunn. Oslo, June 22, 2016.
• Cyberspace – Hva er utfordringene fra et risikoperspektiv? Oslo, January 22, 2016.
• Estimering av sikkerhetsnivå: Fra et tverrfaglig perspektiv. Oslo, September 29, 2015.
• Kost-nytte-analyse i en risikoevaluering. Oslo, February 18, 2015.

Presentations

• Ketil Stølen. Lessons learnt from the design of a method and a domain specific language for security-risk modelling – The CORAS experience. Dagstuhl-seminar 18471: Next Generation Domain Specific Conceptual Modeling – Principles and Methods, Schloss Dagstuhl, Germany, November 20, 2018.
• Ketil Stølen. Fremtidens sikkerhetssystemer og løsninger. NOROFF University College and Vocational School. Oslo, Norway, November 1, 2018.
• Ketil Stølen. Security risk assessment. NOROFF University College and Vocational School. Oslo, Norway, November 1, 2018.
• Ketil Stølen. IoT, edge, fog, cloud og alt det der – et forsøk på opprydning. Public SINTEF-seminar titled "Tingenes internett og utvikling av sikre og smarte systemer", Oslo, October 25, 2018.
• Aida Omerovic. Hvordan senke terskelen for effektiv sikkerhetsrisikostyring? – Et utdrag av råd, tips, lavthengende frukter og noen typiske fallgruver. ISACA seminar, Oslo, June 13, 2018.
• Aida Omerovic (with Erik Hagen, Difi). Arkitektur som døråpner for Digitalisering og Verdiskapning. Conference organised by the Norwegian Computer Society titled "Software 2018", Oslo, February 13, 2018.
• Vetle Volden-Freberg. Empirical study: Evaluation of comprehensibility. Guest lecture at course "Unassailable IT-systems", Department of Informatics, the University of Oslo, November 15, 2017.
• Gencer Erdogan. CORAL – A model-based approach to risk-driven security testing. Guest lecture at course "Unassailable IT-systems", Department of Informatics, the University of Oslo, November 15, 2017.
• Ketil Stølen. Fremtidens sikkerhetssystemer og løsninger. NOROFF University College and Vocational School. Stavanger, Norway, October 26, 2017.
• Ketil Stølen. Security risk assessment using CORAS. NOROFF University College and Vocational School. 2 lectures. Stavanger, Norway, October 26, 2017.
• Ketil Stølen. Guidelines for aggregation of cyber-risk in large institutions. Invited talk at 5th Symposium on Games and Decisions in Reliability and Risk (GDRR'17), the Royal Academy of Sciences, Madrid, June 8, 2017.
• Atle Refsdal. Utvikling av risikobasert beslutningsstøtte. Presentation for crisis management decision makers within Sauda municipality, Stavanger, May 11, 2017.
• Atle Refsdal. Utvikling av risikobasert beslutningsstøtte. Presentation for crisis management decision makers within Stavanger municipality, Stavanger, May 10, 2017.
• Ketil Stølen. Fremtidens sikkerhetssystemer og løsninger. Conference organised by the Norwegian Society of Security and Safety titeled "Sikkerhetskonferansen 2017", Stena line, April 27, 2017.
• Atle Refsdal. Erfaringer fra utvikling av risikobasert beslutningsstøtte for offshore-installasjoner. Public SINTEF-seminar titled "Aggregering av risiko – Hva fungerer i praksis?", Oslo, April 4, 2017.
• Ketil Stølen. Retningslinjer for aggregering av risiko. Public SINTEF-seminar titled "Aggregering av risiko – Hva fungerer i praksis?", Oslo, April 4, 2017.
• Ketil Stølen. Sammenhengen mellom tillit, sikkerhet og risiko. Conference organised by the Norwegian Computer Society titled "Software 2017", Oslo, February 16, 2017.
• Atle Refsdal. Beslutningstøtte for løfting av gangvei. Presentation for technical leaders within the petroleum company Statoil. Oslo, December 20, 2016.
• Gencer Erdogan. CORAL – a model-based approach to risk-driven security testing. Public seminar titled "Temamøte IKT – Sikkerhet og apper", NITO Vestfold, Borre, November 10, 2016.
• Ketil Stølen. Personvern fra et cyberperspektiv. Public SINTEF-seminar titled "Cybersikkerhet og personvern – Hånd i hånd eller hver for seg?", Oslo, November 9, 2016.
• Ketil Stølen. Cyber-risk. Statoil Leadership Academy, Oslo, November 3, 2016.
• Ketil Stølen. Security risk assessment using CORAS. NOROFF University College and Vocational School. 2 lectures. Stavanger, Norway, October 25, 2016.
• Ketil Stølen. Introduction to modelling, security and risk. NOROFF University College and Vocational School. 2 lectures. Stavanger, Norway, October 25, 2016.
• Gencer Erdogan. Design decisions in the development of a graphical language for risk-driven security testing. 4th International Workshop on Risk Assessment and Risk-driven Quality Assurance (RISK'16), Graz, Austria, October 18, 2016.
• Ketil Stølen. Cyber-risk management – What are the real challenges? Lorentz-seminar on Adversial Risk Analysis for Critical Infrastructure, Leiden, the Netherlands, May 23, 2016.
• Ketil Stølen. Cyber-risk management – What are the real challenges? University of Duisburg-Essen, May 12, 2016.
• Ketil Stølen. Kjente utfordringer og hva man kan gjøre for å håndtere dem. Public SINTEF-seminar titled "Cyberspace – Hva er utfordringene fra et risikoperspektiv?", Oslo, January 22, 2016.
• Ketil Stølen. Uncertainty, subjectivity, trust and risk – How it all fits together. University of Linkøping, December 16, 2015.
• Ketil Stølen. Cyber-risk management – What are the real challenges? University of Linkøping, December 16, 2015.
• Ketil Stølen. Cyberspace, cybersecurity and cyber-risk – What is new and what are the real challenges? University of Malaga, December 9, 2015.
• Ketil Stølen. Cyberspace, cybersecurity and cyber-risk - What is new and what are the real challenges? University of Bergen, Institute for Informatics, May 7, 2015.
• Ketil Stølen. What I would measure right now. Dagstuhl-seminar 14491: Socio-technical Security Metrics, Schloss Dagstuhl, Germany, December 4, 2014.
• Ketil Stølen. Three challenges with respect to measurement from a risk perspective. Dagstuhl-seminar 14491: Socio-technical Security Metrics, Schloss Dagstuhl, Germany, December 2, 2014.

MSc thesis

• Vetle Volden-Freberg. Development of tool support within the domain of risk-driven security testing. University of Oslo, 2017.
• Tuan Khoa Pham. A decision making method for selection of security controls based on cost-effectiveness analysis and modeling. University of Oslo, 2017.
• Tan Hoang Duy Tran. Risk assessment based on CORAS and fuzzy logic. University of Oslo, 2017.

Technical Reports (only open ones)

• Gencer Erdogan, Ketil Stølen, Jan Øyvind Aagedal. Evaluation of the CORAL approach for risk-driven security testing based on an industrial case study. Technical Report SINTEF A27097, SINTEF ICT, July 2015.