Cybersecurity blog

A special welcome to members of Aukakrónur Landsbankann, who get special discounts on all their purchases.

Cybersecurity. Öruggt Net is a company that specializes in everything related to network security, computer security, data security, and digital security.

ABOUT ÖRUGGT NET EHF

Our values are trustworthiness, professionalism, and security. We are experts in cybersecurity, computer security and data security. We simplify cybersecurity and provide “No-BS” advice on everything that is relevant to digital security. We audit and report on what needs to be improved. We also offer to implement all our proposals and help you maintain security.
We also offer to take over your company's digital security on a subscription basis. In addition, we offer various courses for different groups on most issues related to digital security for companies and individuals.

Öruggt Net ehf, your cybersecurity experts

Welcome to the home of Öruggt Net (Secured Network). We are a small cybersecurity consultant company in Iceland. Our focus is advising Icelandic companies and helping them with their cybersecurity challenges. We specialize in preventive measures. As the saying goes, it’s best to close the barn door before the horses get out. For example, we can evaluate your current security posture, establish a cybersecurity lifecycle, review your cybersecurity tools, and formulate an action plan to harden your environment. We can even help you execute that plan if needed. Vulnerability Management and continuous threat exposure management (CTEM) are some of the best ways to accomplish this. We have a lot of experience with Vulnerability Management Programs and would love to help you establish yours. With a great Vulnerability Management Program in place, you gain confidence in your security posture and enjoy increased security resiliency.

The main foundation of a good cybersecurity lifecycle is having all the right tools, policies, and procedures in place. We can audit how strong your security foundation is and make recommendations on how to improve it. Certainly, if you need help with implementation, we can handle that as well.

Book a free meeting with us to go over our services and how we can help you increase your security.

Cybersecurity training

We offer three different courses in cybersecurity training for different groups. Check out the courses available.

Virtual CISO services

We offer security manager services where we are responsible for carrying out daily security work such as monitoring

Cybersecurity consultation

We advise companies and individuals on everything related to network and data security and assist in the implementation

How we can help

Are you looking to obtain any certifications? For example, PCI-DSS, ISO 27001:2022, NIST? Or are you worried about compliance with NIS, NIS-2, or DORA requirements from the European Union or Icelandic Law? Let us work with you to ensure your full compliance. Then, we can help you obtain your desired certifications as well as shore up your cybersecurity foundation.

Worried about becoming the latest cybersecurity breach news item? We can review your threat matrix and exposure and help you formulate a plan to shore up your defenses. If desired, we’ll even help you implement said plan.

Just need help deciding which tool is best for your environment or advice on selecting the best vendor for your needs? We have a lot of experience in this area and would be happy to help.

If you don’t already have a strong vulnerability management program or a continuous threat exposure management program, we strongly recommend starting with that.

Cybersecurity Background

Our founder has been in the computer business since the dawn of personal computers, so he has a lot of experience from which you can benefit. He started going online as a teenager in the 1980s. However, there were no web browsers available until 1993, when Mosaic was developed as a college project. Mosaic became the first commercially available browser, Netscape Navigator, in December 1994.

Our founder completed a BS in Computer Engineering in 1994 and an MS in Cybersecurity and Information Assurance in 2019. You can read more about the adventures of our founder on our About Us page, and our founder’s qualifications can be found on the Qualifications and Credentials page.

After completing his master’s degree, he wrote a book on how the public can stay safe online; you can find out more about that on the Book page.

Service examples

You can see examples of the services we provide below. Despite this listing, we always tailor each service individually and it is just as likely that your service needs are a combination of all of these.
Please contact us for any questions or to book an appointment with us.

Designing a Vulnerability Management Program

A vulnerability management program is one of the cornerstones of a great cybersecurity program. Therefore, one of our services is to help you design a program custom-made for your business, define the tool requirements that support that program, get those tools set up, and maximize their usage. In line with our philosophy, a good vulnerability management program consists mostly of policies and procedures, with tools playing a support role only. Once your policies and procedures have been nailed down, we will work with you to compile tool selection requirements. Once the requirements are clear, we will help you work with vendors to select the right tool for your environment.

Establishing proper policies and procedures

Some think that all they have to do to be secure is to buy the right tool because a sales guy told them that it would make them safe, then buy another tool because that sales guy said it was better. Then they stand there with many tools and no idea how to use any of them. We believe buying a tool and looking for a problem to solve with it is very unproductive. Our advice is to start by creating sound policies and procedures and, from that, create requirements for tools to help you with your new policies and procedures. This way, you start by identifying a problem or a need and then find a tool to fulfill the need. With this approach, you won’t have all sorts of tools you don’t use. Therefore, this is the approach we always use. This service offering is similar to the one above, just a little more comprehensive.

Internal Audit Services

If you are working towards a certification or simply maintaining one, you need to have an independent party review your setup and confirm that you are ready for the final review. Without that, you have very little chance of passing your certification audit. This is one of the core services we provide.

End User Awareness Training

One thing you absolutely need to pay attention to is training your staff to be security conscious. This is one of the cornerstones of any decent security program, which is why many security frameworks and compliance requirements require this. There are two approaches to this:

  • You can purchase a subscription to a video training service, which will check all the required boxes.
  • Or you can bring an expert in for true in-person training.

There are pros and cons to each. The video training service makes getting everyone to complete and show compliance easier. It is often bite-sized and easier to fit into busy schedules. The problem is that there is a much greater chance that folks won’t get the material or, worse, will sleep through it.

On the other hand, in-person training, like the one we offer, is more engaging and more comprehensive and ensures everyone is learning the material. The problem is that scheduling can be challenging.

While we typically recommend in-person training for that personal touch, we realize it isn’t practical for everyone. Therefore, we can also put you in touch with some great video training solutions.

NIS2 or DORA Implementation or planning services

We can work with you to ensure you meet NIS2 or DORA government regulations. With the expansion in scope in NIS2, there is a long list of companies that are required to be compliant that weren’t before. Does your company fall under the expanded scope? You may not have the expertise in-house to understand, plan, and implement programs to become NIS2 or DORA compliant, so let us help you. We can provide as much or as little help here as you desire.

Cybersecurity - We offer virtual CISO services

Our virtual CISO service works by providing long-term service and being there if needed. We customize the service according to your needs and take over the role of security manager. Usually the service is a combination of the following elements:

  • Be available for advice regarding daily questions that may arise
  • Keep your processes alive and in sync with the company, updating them when the company or its needs change
  • Help with prioritizing cybersecurity issues as needed
  • Carry out the necessary preventive measures for the company’s cybersecurity

The cost of this service depends on the scope of the project, such as the number of employees in the company, the nature of the business and more. We offer free consultation on the best way to go for each company. Click on the button below to book an appointment for a free consultation.

  • Cybersecurity Consultancies Types

    Introduction In this article, I want to go over how one might classify all the different Cybersecurity Consultancies out there and explain how we see Öruggt Net services fitting in, as well as how we are different. Many of these companies fit into more than one category. Different types of Cybersecurity Consultancies Incident Responders These…

  • What is FUD

    Introduction In this article, I will discuss FUD, why it is a problem, how to identify it, and what to do about it. So what is FUD? FUD stands for Fear, Uncertainty, and Doubt, and it is a term for advice that does nothing but spread fear, uncertainty, and doubt. This is also sometimes referred…

  • Ten Commandments of Infosec

    Introduction Presenting the Ten Commandments of Infosec. Here are ten things everyone can do today to improve their cybersecurity posture, plus one bonus for system administrators. As always, please reach out to us if you have any questions or need any help. General Public MFA Everything. Use some sort of multifactor authentication on all accounts.…

Here, you’ll find details about our pricing. Interviews to discuss what services we offer and consultation regarding services you might need are always free.

For clients in the Reykjavik metro area, we can do these interviews in person, at your offices or ours, via teleconferencing or telephone. For clients outside the Reykjavik metro area, teleconference or telephone would be best for this introductory discussion. After that, we can plan a site visit.

Contact us if you have questions or want to book a meeting.

Package 1: Pay by the hour

Charged after delivery of service: 24.000 ISK per hour plus VAT

Package 2: Initial review*

We arrive on-site and review your setup, policies, and procedures. From that, we write a report on how you can reduce your risk of cyber incidents. The report will be delivered within two days, and the invoice will be sent after the report is accepted.

Implementation assistance is available but not included. We will include a proposal for implementation costs along with the report.

This package includes four hours on-site and travel within the Reykjavik metro area between the hours of 10 and 16. Travel outside the metro area is available by special arrangement. The price is 95.000 ISK plus VAT.

*Please note this is just an informal review and lacks all the formality and rigor of a formal audit. Formal audits are approximately 10x more expensive and require significantly more time from you as well. If you need a formal audit report instead of just a casual observation report, please contact us for a quote.

Package 3: Small audit

This is a smaller version of package 2, suitable for smaller companies where the review will take a short time. It includes two hours on-site, but all other details are the same. The price is 45.000 ISK plus VAT.

Package 4: Prepaid hours

Pay for time ahead of time at the special rate of 19.200 ISK plus VAT per hour. That’s a 20% discount on the standard rate. You can purchase a maximum of 50 hours each month at this rate. Once you pay for the hours, they are yours to use whenever you choose and do not expire.

Package 5: Virtual CISO Service

This package is for those who wish for an ongoing service. We’ll conduct regular meetings, go over the status of your security tools, answer your questions, and generally be available to you when it comes to cybersecurity matters. This package comes in three sizes:

  • Small: 90.000 ISK plus VAT (limited to 4 hours per month)
  • Medium: 160.000 ISK plus VAT (limited to 8 hours per month)
  • Large: 290.000 ISK plus VAT (limited to 16 hours per month)

Driving

Visiting your office in the greater Capital region between 10:00 and 16:00 on regular weekdays is always included without any additional charge. Contact us for travel costs for site visits outside the Capital region.

As stated on our About Us page, we are registered as a legal entity in Seattle, WA, USA, and Iceland. Here is the contact information and the registration numbers for both entities. We can also be reached via social media in the header and the chatbot on this site. We have Slack and Teams and would be happy to federate with you on those and other platforms. Just send us an invite, and we’ll be happy to accept.

You can book a Teams meeting with us here, and an in-person meeting here.

Öruggt Net ehf

kt: 670224-0740
VAT ID: 152122
Suðurhraun 10, 2nd floor.
210 Garðabær Iceland
+354-551-5120
info@oruggtnet.is
https://oruggtnet.is

InfoSecHelp LLC

WA UBI: 604 502 651 001 0001
FEIN: 84-2787519
1037 NE 65TH ST UNIT 80031
SEATTLE, WA 98115
+1-425-223-3342
See website for email
https://infosechelp.net