Empirical Research on Cyber Security Governance and Digital Sovereignty
The goal of this department (CREDS) is to strengthen the evidence base for cyber security governance and digital sovereignty. We conduct rigorous empirical research at the intersection of technology, management, and policy to understand how governance structures and technological dependencies shape the cyber security posture and resilience of modern organisations, across value chains and at the national level.
Our research is based on a socio-technical approach. While we draw on social science methods to study cyber security governance and digital sovereignty, our work is also grounded in empirical measurements of digital infrastructures and services. This includes analysing technological dependencies and collecting operational data to better understand cyber risks.
By using these observations as research-driven insights, we provide a scientific foundation for informed decision-making at all levels of leadership.
The CREDS department aims to ensure that cyber security and digital sovereignty are grounded in a foundation of verifiable data and evidence-based knowledge. Our team is committed to advancing theory while delivering actionable insights for practitioners.
"We move from assumptions to evidence, combining technical measurements with organisational insights to help leaders integrate cyber security into the heart of governance."
- Jostein Jensen, director of Cyber Security
Focus areas
Cyber security governance and management
We examine how leadership at several levels shapes cyber security in organisations and how executive leadership and security teams collaborate. Our research provides evidence-based insights that support leaders in integrating cyber security into core governance structures.
Digital sovereignty and value chains
We analyse technological dependencies and their implications for securing critical infrastructure and strengthening digital sovereignty. Our work contributes insights that help sustain cyber-secure and resilient infrastructures in an increasingly complex global landscape.
Risk management for emerging technologies
We investigate cyber risks in the development and adoption of next-generation technologies, such as AI. CREDS develops analytical frameworks for understanding the governance and security challenges associated with emerging technologies. Simula’s initiatives in AI security and safety, as well as collaborations with the AI and Quantum centres, play an important role in informing our understanding of emerging risks.