Welcome to the website of Öruggur Nets ehf.
We specialize in helping Icelandic companies and individuals strengthen computer, network and data security through advice, education and prevention.
We place great emphasis on prevention to reduce the likelihood of safety deviations.
What do we do?
We advise, educate, train employees and managers of companies as well as individuals with everything related to computer security. We sell both software and hardware related to cybersecurity, offer courses, consulting and security manager services on subscription. We can help from start to finish and take care of everything related to computer and network security for companies. Book an appointment for a free consultation today.
We offer three different courses in cybersecurity for different groups. Our basic course is designed for the general public or the average employee of a company. As the name suggests, the basics of cybersecurity are covered. A Vulnerability Management course is for IT professionals who seek knowledge in vulnerability management and other preventative cybersecurity issues. The course for business managers is intended for managers and those who want to better understand cybersecurity without getting lost in details. Check out the courses that are available
We advise companies and individuals on all matters relating to network and data security and assist in implementation. We assist with audits, feedback and implementation of security plans, design processes, set up vulnerability management, manage training and much more. If your company falls under NIS2 or DORA regulations, we can help with that.
We offer virtual CISO services where we take care of daily security work. Our Safety Manager service works by providing long-term service and being available if needed. We tailor the service to your needs and take over the role of safety manager in contractor work.
Our values are reliability, professionalism and safety. We are experts in cybersecurity, computer security, and data security. We simplify cybersecurity issues and provide advice in plain language on all matters relating to digital security. We carry out audits and submit reports on what needs to be fixed. We also offer to implement all our suggestions and help you maintain the security.
We also offer to take over digital security issues at your company on a subscription. We also offer various courses for different groups on most issues related to digital security for companies and individuals.
Are you concerned about requirements from NIS, NIS-2 or DORA? Or maybe don’t know what it is? Are you seeking certification from PCI-DSS, ISO, NIST or other certification bodies? We help prepare you for an audit from these parties. Are you reading about hacking in the news and wondering if you might be caught by this? Although it is not possible to guarantee that you will never be broken into, there are certain preventive measures that greatly reduce the risk. We can review the systems and processes and give our assessment of the likelihood that you will be attacked and fend off the attack. Finally, we return to you a report with our recommendations for improvement. If you need help getting these improvements done, we’re here to help.
The founder of Öruggt Net ehf, Sigurður Gísli Bjarnason, has been in the computer industry since shortly after home computers came on the market and therefore has extensive experience to build on. He started using the internet around the year 1985 or a decade before the first browser was available. The first browser was not designed until 1993 when the Mosaic browser was designed in a university in the United States. Mosaic was then the basis for the first browser available on the market when Netscape Navigator was released in December 1994.
Our founder has a bachelor’s degree in Computer Engineering which he completed in 1994 and an MS degree in Computer Security which he completed in 2019. Both of these degrees are from universities in the United States where he resided for 30 years and worked for companies such as Microsoft and T-Mobile US inc. You can read more about his adventures on our about us page. Under the tab Culture is a list of the degrees and exams he has taken.
After completing his master’s degree, he wrote a book on how the public can be safer while browsing the internet. You can find out more about the book on our book page .
Below you can see examples of four different software packages that we offer. It is also possible to select just individual elements, an overview of which can be found HERE.
Asset management Targeted protection Vulnerability scanning, detection, and management Hardening recommendation from the CIS Compliance reports on standards
✓ Backup
Immutable backups Automatic three backups of all data All data double-encrypted Encryption keys stored in a key management system Security and privacy ensured at the core Role-based access Multi-factor authentication User self-service Shared storage per user 20 GB Choice of 5 storage areas Backup and restore Exchange online, OneDrive, SharePoint, Teams
✓ End-Point-Protection
Windows and macOS support ChromeOS, iOS, and Android support Virus and malware protection and user behavior analysis Predictive modeling AI Reflex protection/virtual patch Full encryption on disk Device manager Homepage reputation and URL filtering
Everything included in the Bronze package Shared storage per user 50 GB Public folder backup and restore Background and recovery of MS groups (including Planner) Can choose to make backups multiple times a day Data Lock Option to purchase extra storage (300 GB per user)
✓ End-Point-Protection
Everything included in the Bronze package Automated analysis, farrowing, fishing and root cause analysis Advanced hazard analysis with cloud sandbox Analysis, research, and response that spans across all customers.
Everything included in the Silver Package Shared storage per user 300 GB Automatic deletion of unused/unnecessary data Federated Search eDiscovery (Legal Hold)
Basic protection against data hostage taking Safety Control Center Unusual Data Functionality (UDA) SIEM integration Movement of the back muscles Security Events
✓ End-Point-Protection
Everything included in the Silver Package Cloud email portal with DLP Microsoft 365/G Suite protection based on API Cloud sandbox BEC and protection of confidential data File password extraction Layers search box Message size limits Email Continuity Box & Dropbox protection (only for Bix accounts) Automatically integrate data between email and endpoint in a single admin panel
Everything included in the Gold Package Updated protection against data hostage taking along with recovery SOAR Automation Snapshots of infection prevention Cowed recovery Recovery Scans Sandbox Recovery (VM)
✓ End-Point-Protection
Everything included in the Gold Package Detection: 24/7 critical alert and monitoring, IOC search Study: Incident Investigation, Root Cause Analysis Study: Customer Analysis Actions: Recommendations or sources for action, monthly report
Our Safety Manager service works by providing long-term service and being available if needed. We tailor the service to your needs and take over the role of safety manager in contractor work. Typically, the service is a combination of the following components:
Be available for advice on daily questions that arise
Keep your processes alive and aligned with your business. Updates the processes when the business or business needs change
Help prioritize security items as needed
Takes care of necessary preventive measures in the company’s cyber security matters
The cost of these services depends on the scope of the project such as the number of employees in the company, the nature of the company’s operations, and more. We offer a free consultation on the best way to go for each company. Click on the button below to book an appointment for a free consultation.
Below you can see examples of the services we provide. Despite this list, we always tailor each individual’s service and it is just as likely that your service needs are a combination of all of these.
Please contact us with any questions or to book an appointment with us.
Vulnerability Management Design
Vulnerability management is fundamental when it comes to a secure computing environment. This is multifaceted and includes, among other things, asset management. We help you set up a strong vulnerability management tailored to your company, recommend the best tools for the job and help with their installation in the future.
Strong vulnerability management mostly consists of good work processes with tools and equipment in a support role. Once we have good work processes, we work together to find what your company requires of these tools, and by doing so, we ensure that the right one is chosen.
Set up the right processes
Some people believe the salesperson when he tells them that if they buy their tool, they will be 100% safe. Then the next salesman comes along and makes them believe that their device is much better. Then they end up with a lot of tools and tools that they don’t know anything about and a very false sense of security.
The truth is that it is not possible to guarantee 100% safety, and certainly not by buying any tools and equipment. It’s never good to start with a solution and then go on to find a problem that that solution can solve.
We recommend reviewing all work processes to make sure they contribute to good computer security and then to see which tools and tools can help and support your processes. With this way, you start by finding the problem and then solutions to the problem.
Internal audits
If you are working on any kind of certifications or just maintaining the certifications you have, then an external and independent party needs to audit your company before you can go through the certification audit. It is also a requirement of most certification bodies that this is done annually. This is one of the services we offer.
User Awareness Training
One of the key elements of good computer security is to make sure that all your employees are aware and informed about computer security issues. This is one of the basics of any good computer security process. It is not possible to get any certification without this being in order.
The majority of computer hacks occur due to poor computer security awareness. Therefore, this is very important even if you are not pursuing any certification. There are two basic methods to ensure this:
You can purchase a subscription to e-learning platforms.
Or you can get an expert to come to your office and provide training for your employees.
There are pros and cons to both as so often.
E-learning is easy to use and easy for staff to find time to watch the videos, and you can check the box that you have met these requirements. These are often short videos and hence easy to find time for very busy people. The problem is to ensure that employees are able to absorb what they are watching in the videos. You also have little or no control over what your people are learning.
On the other hand, lessons like what we offer are more customized and engaging. It is easier to make sure that everyone is on board with the content and it is possible to establish a conversation that often results in a lot. The problem is that finding the time to get everyone into the classroom can be a big challenge.
We usually recommend having on-site tutoring, but we know it doesn’t work for everyone, so we can help you find the right teaching material online.
NIS2 or DORA updates
Ef þitt fyrirtæki fellur undir NIS2 eða DORA reglugerðir þá getum við hjálpað við það. There are many more companies and institutions that are covered by NIS2 than NIS, and possibly your company is one of them. If you need help understanding the requirements set by the regulations, organizing and implementing the activities so that you meet the requirements of the regulations, please contact us and we will get into the matter. We tailor our assistance to what you need help with.
We offer three different courses in cybersecurity for different groups. Our basic course is designed for the general public or the average employee of a company. As the name suggests, the basics of cybersecurity are covered. A Vulnerability Management course is for IT professionals who seek knowledge in vulnerability management and other preventative cybersecurity issues. The course for business managers is intended for managers and those who want to better understand cybersecurity without getting lost in details. Check out the courses that are available
We advise companies and individuals on all matters relating to network and data security and assist in implementation. We assist with audits, feedback and implementation of security plans, design processes, set up vulnerability management, manage training and much more. If your company falls under NIS2 or DORA regulations, we can help with that.
We offer virtual CISO services where we take care of daily security work. Our Safety Manager service works by providing long-term service and being available if needed. We tailor the service to your needs and take over the role of safety manager in contractor work.
We offer three training classes: one for the general public, known as Cybersecurity Awareness training, one for IT staff and management, and one for the C-Suite. Here are the details of each
Please contact us if you have any questions or are interested in a private training class.
Cybersecurity Awareness
This training class uses everyday language and is designed for the general public, whether on the job market or not. So, no computer expertise is expected. It comes with a certificate of completion. This is an excellent option for your company’s Cybersecurity Awareness requirements, which NIS, DORA, and other regulations require, as well as certifications like ISO 27001.
Security Basics Topics
In this section, we will discuss and define the following topics
Password Management
MFA
Critical Thinking
Links, Attachment, USB Drives
Social Engineering
Scams
FUD
Risks and Threat Profiling
Threat Protection
Online Privacy Topics
In this section, we’ll discuss what footprint you leave online and how to minimize it. Furthermore, we’ll discuss general online privacy tips and tricks.
Price and schedule
Head on over to our Series Event Calendar to find the schedule and pricing for this training. Please contact us if you don’t find a schedule that meets your needs or to request an alternative location.
Vulnerability Management How-To Training
This is for IT staff and management looking for training on either setting up cybersecurity programs in their orgs or looking to beef it up. We explore topics in enough detail so you have a good overview and know what you need to focus on. If we need to do a deep dive into any of these topics, please let us know, as we’d love to get feedback on what other training to offer.
Topics
In this section, we will discuss and define the following topics
What is Vulnerability Management, and why is it important
How do you set up a Vulnerability Management Program? What are the components?
Cybercrime and its nature.
Data Classification
Governmental requirements include NIS, NIS2, and DORA. Who is subject to which directive, and what are the requirements
Who is CERT-is, and how do they play into all of this?
Price and schedule
Head on over to our Series Event Calendar to find the schedule and pricing for this training. Please contact us if you don’t find a schedule that meets your needs or to request an alternative location.
Cybersecurity for Executives
This high-level training is designed for executives and the C-suite who want to better understand cybersecurity, why it is important, and what they can expect from cybersecurity programs. We are still developing this one; further details will be posted here when available. If you have questions, please contact us.
As stated on our about us page, we are registered as a legal entity in Seattle, WA, USA, and Iceland. Here are the contact information and registration numbers for both entities. We can also be reached via social media in the header and the chatbot on this site. We have Slack and Teams and would be happy to federate with you on those and other platforms. Just send us an invite, and we’ll be happy to accept.
WA UBI: 604 502 651 001 0001 FEIN: 84-2787519 1037 NE 65TH ST UNIT 80031 SEATTLE, WA 98115 +1-425-223-3342 See website for email https://infosechelp.net
Below you can see a more detailed description of everything that the Bronze package contains and we will update the explanations and translations over time.
Asset Management is about managing all endpoints (computers, phones, and all other network equipment) that could potentially be vulnerable to attacks in order to better identify the vulnerabilities. This can also apply to software. “You can’t protect what you don’t know”.
Proactive protection
The software uses artificial intelligence that analyzes other customers to learn more and be able to anticipate problems before they arise.
Vulnerability scanning, detection, and management
All company-owned endpoints are scanned for vulnerabilities.
Hardening recommendations from the Center for Internet Security (CIS)
You will be instructed to tighten the security according to CIS standards if something is not as it should be.
Compliance reports on standards
You’ll get reports on whether and how you’re adhering to computer security standards.
Windows and macOS support ChromeOS, iOS, and Android support Virus and malware protection and user behavior analysis
Analysis of a user’s behavior means that the software detects deviations from the user’s “normal” behavior. For example, if the user is not used to opening Powershell on their computer, the software detects it as an anomaly.
Predictive modeling AI Reflex protection/virtual patch Full encryption on disk Device manager Homepage reputation and URL filtering
Immutable means that something cannot be changed or deleted. Generally, immutable backups can only be deleted after a certain time period has passed. Immutable backups are safe from possible alteration or deletion, which means that their original integrity remains unchanged. With the advent of ransomware, having an immutable backup has been crucial for recovery. The reason is that threatening actors now regularly attack backups. With an immutable backup, the data is protected from these kinds of attacks.
Automatic three backups of all data
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending.
Double encryption significantly increases the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack one layer of crypto, they must still be unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
All data double-encrypted
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending. Double encryption significantly enhances the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack a single layer of crypto, they are still unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
Encryption keys stored in a key management system
Encrypted keys are an important part of any security system. They do everything from data encryption and decryption to user authentication. Using encrypted keys can lead to the collapse of all organizational security functionality, and the attacker can decrypt sensitive data, identify themselves as user rights holders, or give themselves access to other confidential information. Fortunately, proper management of keys and related factors can ensure the security of confidential information. Key management is the process of setting certain standards to ensure the security of encrypted keys in an organization. Key management is responsible for creating, exchanging, storing, deleting, and updating accounts. Also about access to the keys for parties.
Security and privacy ensured at the core Role-based access control
In the security of computer systems, Role-Based Access Control or role-based security is an approach to restricting access to the system to authorized users and to implement Manditory Access Control or Discretionary Access Control. Role-based access control is a strategic access control that is defined around roles and privileges. Its elements, such as role permissions, user roles, and relationship to roles, make it easy to accomplish user tasks.
Multi-factor authentication User self-service Shared storage per user 20 GB Choice of 5 storage areas Backup and restore Exchange online, OneDrive, SharePoint, Teams
Below you can see a more detailed description of everything that the Silver Package contains and we will update explanations and translations over time.
Asset Management is about managing all endpoints (computers, phones, and all other network equipment) that could potentially be vulnerable to attacks in order to better identify the vulnerabilities. This can also apply to software. “You can’t protect what you don’t know”.
Proactive protection
The software uses artificial intelligence that analyzes other customers to learn more and be able to anticipate problems before they arise.
Vulnerability scanning, detection, and management
All company-owned endpoints are scanned for vulnerabilities.
Hardening recommendations from the Center for Internet Security (CIS)
You will be instructed to tighten the security according to CIS standards if something is not as it should be.
Compliance reports on standards
You’ll get reports on whether and how you’re adhering to computer security standards.
Windows and macOS support ChromeOS, iOS, and Android support
Virus and malware protection and user behavior analysis
Analysis of a user’s behavior means that the software detects deviations from the user’s “normal” behavior. For example, if the user is not used to opening Powershell on their computer, the software detects it as an anomaly.
Predictive modeling AI Reflex protection/virtual patch Full encryption on disk Device manager Homepage reputation and URL filtering
Automated analysis, farrowing, fishing and root cause analysis Advanced hazard analysis with cloud sandbox Analysis, investigation, and response spanning across all customers
Immutable means that something cannot be changed or deleted. Generally, immutable backups can only be deleted after a certain time period has passed. Immutable backups are safe from possible alteration or deletion, which means that their original integrity remains unchanged. With the advent of ransomware, having an immutable backup has been crucial for recovery. The reason is that threatening actors now regularly attack backups. With an immutable backup, the data is protected from these kinds of attacks.
Automatic three backups of all data
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending.
Double encryption significantly increases the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack one layer of crypto, they must still be unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
All data double-encrypted
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending. Double encryption significantly enhances the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack a single layer of crypto, they are still unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
Encryption keys stored in a key management system
Encrypted keys are an important part of any security system. They do everything from data encryption and decryption to user authentication. Using encrypted keys can lead to the collapse of all organizational security functionality, and the attacker can decrypt sensitive data, identify themselves as user rights holders, or give themselves access to other confidential information. Fortunately, proper management of keys and related factors can ensure the security of confidential information. Key management is the process of setting certain standards to ensure the security of encrypted keys in an organization. Key management is responsible for creating, exchanging, storing, deleting, and updating accounts. Also about access to the keys for parties.
Security and privacy ensured at the core
Role-based access control
In the security of computer systems, Role-Based Access Control or role-based security is an approach to restricting access to the system to authorized users and to implement Manditory Access Control or Discretionary Access Control. Role-based access control is a strategic access control that is defined around roles and privileges. Its elements, such as role permissions, user roles, and relationship to roles, make it easy to accomplish user tasks.
Multi-factor authentication User self-service Shared storage per user 50 GB Choice of 5 storage areas Backup and restore Exchange online, OneDrive, SharePoint, Teams Public folder backup and restore Background and recovery of MS groups (including Planner) Can choose to make backups multiple times a day Data Lock Option to purchase extra storage (300 GB per user)
Below you can see a more detailed description of everything that the Platinum Package contains and we will update the notes and translations over time.
Asset Management is about managing all endpoints (computers, phones, and all other network equipment) that could potentially be vulnerable to attacks in order to better identify the vulnerabilities. This can also apply to software. “You can’t protect what you don’t know”.
Proactive protection
The software uses artificial intelligence that analyzes other customers to learn more and be able to anticipate problems before they arise.
Vulnerability scanning, detection, and management
All company-owned endpoints are scanned for vulnerabilities.
Hardening recommendations from the Center for Internet Security (CIS)
You will be instructed to tighten the security according to CIS standards if something is not as it should be.
Compliance reports on standards
You’ll get reports on whether and how you’re adhering to computer security standards.
Windows and macOS support ChromeOS, iOS, and Android support Virus and malware protection and user behavior analysis
Analysis of a user’s behavior means that the software detects deviations from the user’s “normal” behavior. For example, if the user is not used to opening Powershell on their computer, the software detects it as an anomaly.
Predictive modeling AI Reflex protection/virtual patch Full encryption on disk Device manager Homepage reputation and URL filtering
Automated analysis, farrowing, fishing and root cause analysis Advanced hazard analysis with cloud sandbox Analysis, research, and response that spans across all customers.
Cloud email portal with DLP Microsoft 365/G Suite protection based on API Cloud sandbox BEC and protection of confidential data File password extraction Layers search box Message size limits Email Continuity Box & Dropbox protection (only for Bix accounts) Automatically integrate data between email and endpoint in a single admin panel
Detection: 24/7 critical alert and monitoring, IOC search Study: Incident Investigation, Root Cause Analysis Study: Customer Analysis Actions: Recommendations or sources for action, monthly report
Immutable means that something cannot be changed or deleted. Generally, immutable backups can only be deleted after a certain time period has passed. Immutable backups are safe from possible alteration or deletion, which means that their original integrity remains unchanged. With the advent of ransomware, having an immutable backup has been crucial for recovery. The reason is that threatening actors now regularly attack backups. With an immutable backup, the data is protected from these kinds of attacks.
Automatic three backups of all data
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending.
Double encryption significantly increases the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack one layer of crypto, they must still be unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
All data double-encrypted
Double encryption is an encryption technology that enhances the security of data and digital communications. By using two separate encryption methods on an email or file, double encryption ensures secure file sharing, managed file transfers, secure web forms, and email message sending. Double encryption significantly enhances the security of sensitive files and email communications at rest and in motion. Even if malicious actors manage to crack a single layer of crypto, they are still unable to access the original data due to the second layer of crypto. This makes it much more difficult for cybercriminals to access sensitive information.
Encryption keys stored in a key management system
Encrypted keys are an important part of any security system. They do everything from data encryption and decryption to user authentication. Using encrypted keys can lead to the collapse of all organizational security functionality, and the attacker can decrypt sensitive data, identify themselves as user rights holders, or give themselves access to other confidential information. Fortunately, proper management of keys and related factors can ensure the security of confidential information. Key management is the process of setting certain standards to ensure the security of encrypted keys in an organization. Key management is responsible for creating, exchanging, storing, deleting, and updating accounts. Also about access to the keys for parties.
Security and privacy ensured at the core Role-based access control
In the security of computer systems, Role-Based Access Control or role-based security is an approach to restricting access to the system to authorized users and to implement Manditory Access Control or Discretionary Access Control. Role-based access control is a strategic access control that is defined around roles and privileges. Its elements, such as role permissions, user roles, and relationship to roles, make it easy to accomplish user tasks.
Multi-factor authentication User self-service Shared storage per user 300 GB Choice of 5 storage areas Backup and restore Exchange online, OneDrive, SharePoint, Teams
Public folder backup and restore Background and recovery of MS groups (including Planner) Can choose to make backups multiple times a day Data Lock
Automatic deletion of unused/unnecessary data Federated Search eDiscovery (Legal Hold) Safety Control Center Unusual Data Functionality (UDA) SIEM integration Movement of the back muscles Security Events
Updated protection against data hostage taking along with recovery SOAR Automation Snapshots of infection prevention Cowed recovery Recovery Scans Sandbox Recovery (VM)
