fbpx
Skip to content
Home » Blogg um netöryggi

Blogg um netöryggi

  • Cybersecurity Consultancies Types

    Cybersecurity Consultancies Types

    Introduction In this article, I want to go over how one might classify all the different Cybersecurity Consultancies out there and explain how we see Öruggt Net services fitting in, […]

    Read more…

  • What is FUD

    What is FUD

    Introduction In this article, I will discuss FUD, why it is a problem, how to identify it, and what to do about it. So what is FUD? FUD stands for […]

    Read more…

  • Ten Commandments of Infosec

    Ten Commandments of Infosec

    Introduction Presenting the Ten Commandments of Infosec. Here are ten things everyone can do today to improve their cybersecurity posture, plus one bonus for system administrators. As always, please reach […]

    Read more…

Here, you’ll find details about our pricing. Interviews to discuss what services we offer and consultation regarding services you might need are always free.

For clients in the Reykjavik metro area, we can do these interviews in person, at your offices or ours, via teleconferencing or telephone. For clients outside the Reykjavik metro area, teleconference or telephone would be best for this introductory discussion. After that, we can plan a site visit.

Contact us if you have questions or want to book a meeting.

Package 1: Pay by the hour

Charged after delivery of service: 24.000 ISK per hour plus VAT

Package 2: Initial review*

We arrive on-site and review your setup, policies, and procedures. From that, we write a report on how you can reduce your risk of cyber incidents. The report will be delivered within two days, and the invoice will be sent after the report is accepted.

Implementation assistance is available but not included. We will include a proposal for implementation costs along with the report.

This package includes four hours on-site and travels within the Reykjavik metro area between the hours of 10 and 16. Travel outside the metro area is available by special arrangements. The price is 95.000 ISK plus VAT.

*Please note this is just an informal review and lacks all the formality and rigor of a formal audit. Formal audits are approx 10x more expensive and require significant more time from you as well. If you need a formal audit report instead of just a casual observation report, please contact us for a quote

Package 3: Small audit

This is a smaller version of package 2, suitable for smaller companies where the review will take a short time. It includes two hours on-site, but all other details are the same. The price is 45.000 ISK plus VAT.

Package 4: Prepaid hours

Pay for time ahead of time at the special rate of 19.200 ISK plus VAT per hour. That’s a 20% discount on the standard rate. You can purchase a maximum of 50 hours each month at this rate. Once you pay for the hours, they are yours to use whenever you choose and do not expire.

Package 5: Virtual CISO Service

This package is for those who wish for an ongoing service. We’ll conduct regular meetings, go over the status of your security tools, answer your questions, and generally be available to you when it comes to cybersecurity matters. This package comes in three sizes:

  • Small: 90.000 ISK plus VAT (limit to 4 hours per month)
  • Medium: 160.000 ISK plus VAT (limit to 8 hours per month)
  • Large: 290.000 ISK plus VAT (limit to 16 hours per month)

Driving

Visiting your office in the greater Capital region between 10:00 and 16:00 on regular weekdays is always included without any additional charge. Contact us for travel costs for site visits outside the Capital region.

As stated on our about us page, we are registered as a legal entity in Seattle, WA, USA, and Iceland. Here are the contact information and registration numbers for both entities. We can also be reached via social media in the header and the chatbot on this site. We have Slack and Teams and would be happy to federate with you on those and other platforms. Just send us an invite, and we’ll be happy to accept.

You can book a teams meeting with us here, and in person meeting here.

Öruggt Net ehf

kt: 670224-0740
VAT ID: 152122
Suðurhraun 10, 2nd floor.
210 Garðabær Iceland
+354-551-5120
info@oruggtnet.is
https://oruggtnet.is

InfoSecHelp LLC

WA UBI: 604 502 651 001 0001
FEIN: 84-2787519
1037 NE 65TH ST UNIT 80031
SEATTLE, WA 98115
+1-425-223-3342
See website for email
https://infosechelp.net

Aukakrónur Logo

A special welcome to members of Aukakrónur Landsbankann, who get special discounts on all their purchases.

Authorized reseller

Introduction

To offer our customers the best service, we have selected products from specific vendors that we trust and believe in. Then, we signed up to be authorized resellers for those brands. Regarding our selected products, we are very picky about who we represent and only pick those brands we know and love. Initially, we weren’t going to resell anything because we wanted to be independent and impartial. Then, we realized that we couldn’t give our customers the same level of service without it. Additionally, we would have no way of negotiating good deals for you.

If the vendors we have selected do not meet your requirements, we will not hesitate to find you a vendor who does. We only recommend products and vendors we honestly believe are the best fit for your business. As always, make sure to contact us with any questions.

Trusted and Selected Products vendor list

Here is the list of Vendors and products we already know, trust, and love. We have a formal relationship with all these and can offer you some great deals from them.

Nanitor

Nanitor Authorized Reseller

Nanitor is an easy-to-use vulnerability management solution well-suited for companies with less than 20,000 assets. Its usability, combined with accuracy, makes Nanitor our favorite vulnerability management, or CTEM, product for small and medium-sized businesses. We couldn’t be happier to be an Authorized Reseller for Nanitor. It is a comprehensive system that doesn’t compromise on coverage while staying user-friendly. We did a comprehensive analysis of all the vulnerability management products out there, and Nanitor came out on top.

We also have extensive experience with Nanitor and are among the top 5 worldwide experts in Nanitor, so you know we’ll take good care of you.

Tenable

Authorized Reseller Tenable Assure Bronze Partner Logo

Tenable is a well-known and well-established king of vulnerability management solutions. We are very proud to have been accepted into their Assure Authorized Reseller program at the bronze level. Tenable products are nearly infinitely scalable and equally configurable with feature sets to match. However, all these features and configurability come with much complexity. If you require scalability beyond 20,000 assets or need the extra features and configurability and can spend time learning the system, this could be a good fit.

We have years of experience designing, installing, and running Tenable Vulnerability Management systems with a few hundred thousand assets, so we have the expertise you need.

Apricorn

Apricorn is the innovator and leader in encrypted storage solutions, designed and assembled in California, USA, since 1983.

Dozens of award-winning innovations have been developed under the Apricorn brand and for several leading computer manufacturers on an OEM basis.

All their storage solutions feature on-the-fly 100% hardware-based encryption utilizing AES-XTS 256-bit encryption, satisfying US DoD FIPS PUB 197 requirements. While all their drives employ the same encryption and stringent security, only select models have undergone official FIPS 140-2 certification.

We have been using their portable storage solutions for years and couldn’t recommend them strongly enough. They have an impressive list of clients, many of whom have some of the strongest security requirements in the world. We’re not going to name any specific three letters from the US.

Read more about them here.

1Password

1Password Authorized Reseller

We believe 1Password is the best password manager on the market, and we couldn’t recommend it more strongly. This is why we needed to be part of their Authorized Reseller program. Password management is fundamental to good cybersecurity hygiene, so every company must have this as part of its policies. We have tested all the top password managers, and while they all get the job done, we believe this one is the cream of the crop.

We have been using password managers in one form or another for more than 15 years and 1Password for the last two, and it is by far our favorite. You can be assured that we know 1Password inside and out.

Bitdefender

Bitdefender is an excellent endpoint protection suite of security solutions. A global leader in cybersecurity offering services such as:

  • All-in-one solution: Comprehensive protection for critical business assets and employees, including devices, their email addresses, digital identities, passwords, and much more.
  • Business assets monitoring: A 24/7 digital presence patrol to prevent reputation-damaging data breaches and social media account compromises.  
  • Cross-platform protection: One unified security umbrella shields all employee devices and those vital business servers. It includes macOS, iOS, Android, Windows, and Windows Server systems.
  • Easy centralized management: A user-friendly dashboard to oversee your team’s protection even without cybersecurity expertise.

Fortinet

Fortinet is the leader in network security. They are our go-to solution when it comes to securing the network layer. Here is a brief high-level list of the products they have in their portfolio

  • Next-Gen Firewalls (NGFW)
  • Software-defined Wide Area Network (SD-WAN )
  • Secure access service edge (SASE)
  • Zero Trust Network Access (ZTNA)
  • Application Security products
  • Operational Technology Security
  • Security information event management (SIEM)
  • etc

Gigamon

Gigamon offers a deep observability pipeline that efficiently delivers network-derived intelligence to your cloud, security, and observability tools. Therefore eliminating security blind spots and reducing tool costs, enabling you to better secure and manage your hybrid cloud infrastructure.

Without the proper observability, you are flying blind, and you might be on fire, but you just don’t know it.

Veeam

Veeam® Backup Essentials™ delivers powerful, easy-to-use, affordable backup, recovery, monitoring, and reporting for up to 50 virtual, physical, and cloud workloads. This includes backup for VMware vSphere, Microsoft Hyper-V, Nutanix AHV, Windows and Linux Servers, NAS, AWS, Azure, Google Cloud Platform, and more!

Additionally, Veeam Backup Essentials comes with an easy-to-administer license model: The Veeam Universal License (VUL). VUL is a per-workload, transferable license that protects all workloads from a single platform, both on-premises and in the cloud.

Check out our Veeam page for more

Feitian Technologies

Established in 1998, FEITIAN Technologies is a leading global provider of cybersecurity products and solutions. While they offer a wide range of security products, we currently only carry their FIDO security keys.

Malwarebytes

ThreatDown by Malwarebytes is another excellent endpoint protection suite that protects you from malware, viruses, and other threats. If you are looking for a great EDR/XDR solution, this might be the right solution for you.

Proton AG

Proton AG offers a range of products designed with security and privacy in mind. They are one of the few brands respected and recommended by the majority, if not all, cybersecurity professionals. We’ve been paid users of their services for well over a decade. With headquarters in Switzerland, they are bound by Swiss privacy laws, and they were founded by scientists from CERN, so they have some great lineage.

They offer the following products:

  • Proton VPN: The only VPN service we can recommend and trust
  • Proton Mail: If the security and privacy of your email are of utmost importance, Proton Mail is the only way to go.
  • Proton Calendar: The only fully encrypted calendar service. If you’re serious about your security and privacy, keep your calendar in the Proton Calendar.
  • Proton Drive is the only fully encrypted cloud storage service. While OneDrive and Dropbox offer this as a bolt-on for a subsection of your files, Proton Drive encrypts all your files by default.
  • Proton Pass: A relatively new offering from Proton AG. This password manager is going to take the internet by storm.

Potential future adds

We constantly monitor the market, looking for the next great thing. Here are a few things we are monitoring closely. We might add these to our lineup once we learn more about them, assuming they meet our stringent selection criteria.

Niceland VPN

Niceland VPN is a new VPN provider headquartered in Iceland. It is focused on providing secure and anonymous VPN service and is building the technology from the ground up to ensure it can achieve its goals. Their service is still in beta, so we are watching them closely.

Fortra

Fortra has been around for a long time, starting out as Help/38 in 1982, rebranding as HelpSystems in 1988, and becoming Fortra in 2022. They have grown rapidly through acquisitions; names like Tripwire and Beyond Trust are among the companies they have acquired. Today, they have an impressive lineup of products, and we are in talks with them to learn more about them. They will likely be added to our lineup in the near future.

Artic Wolfe

Artic Wolfe is a managed security service provider (MSSP) with impressive product offerings in security operation centers. We will likely add them to our portfolio very soon.

Awarego

Awarego offers an innovative approach to cybersecurity awareness training. It offers short, entertaining videos to get you thinking about cybersecurity. This is a great option for those who prefer to meet their cybersecurity awareness training requirements through two-minute videos a few times a week over getting everyone into a conference room once a year for an hour for an interactive training session. We are formalizing our relationship with them so we can offer this directly to you.

Data443

We recently encountered Data443 and are intrigued by its product line. We are investigating its offerings to see if we should add it.

Cybersecurity training

We offer three training classes: one for the general public, known as Cybersecurity Awareness training, one for IT staff and management, and one for the C-Suite. Here are the details of each

Please contact us if you have any questions or are interested in a private training class.

Cybersecurity Awareness

This training class uses everyday language and is designed for the general public, whether on the job market or not. So, no computer expertise is expected. It comes with a certificate of completion. This is an excellent option for your company’s Cybersecurity Awareness requirements, which NIS, DORA, and other regulations require, as well as certifications like ISO 27001.

Security Basics Topics

In this section, we will discuss and define the following topics

  • Password Management
  • MFA
  • Critical Thinking
  • Links, Attachment, USB Drives
  • Social Engineering
  • Scams
  • FUD
  • Risks and Threat Profiling
  • Threat Protection

Online Privacy Topics

In this section, we’ll discuss what footprint you leave online and how to minimize it. Furthermore, we’ll discuss general online privacy tips and tricks.

Price and schedule

Head on over to our Series Event Calendar to find the schedule and pricing for this training. Please contact us if you don’t find a schedule that meets your needs or to request an alternative location.

Vulnerability Management How-To Training

This is for IT staff and management looking for training on either setting up cybersecurity programs in their orgs or looking to beef it up. We explore topics in enough detail so you have a good overview and know what you need to focus on. If we need to do a deep dive into any of these topics, please let us know, as we’d love to get feedback on what other training to offer.

Topics

In this section, we will discuss and define the following topics

  • What is Vulnerability Management, and why is it important
  • How do you set up a Vulnerability Management Program? What are the components?
  • Cybercrime and its nature.
  • Data Classification
  • Governmental requirements include NIS, NIS2, and DORA. Who is subject to which directive, and what are the requirements
  • Who is CERT-is, and how do they play into all of this?

Price and schedule

Head on over to our Series Event Calendar to find the schedule and pricing for this training. Please contact us if you don’t find a schedule that meets your needs or to request an alternative location.

Cybersecurity for Executives

This high-level training is designed for executives and the C-suite who want to better understand cybersecurity, why it is important, and what they can expect from cybersecurity programs. We are still developing this one; further details will be posted here when available. If you have questions, please contact us.

Apricorn Aegis Encrypted Storage

Introduction

Company info

Apricorn Inc. is the leader in encrypted storage solutions. Its headquarters are in California, USA, and all drives are designed and assembled there. Since Apricorn started out in 1983 as an innovator in this space, they have kept innovating. During their time, dozens of award-winning innovations have been developed under the Apricorn brand and for several leading computer manufacturers on an OEM basis.

All their storage solutions feature on-the-fly 100% hardware-based encryption utilizing AES-XTS 256-bit encryption, satisfying US DoD FIPS PUB 197 requirements. While all their drives employ the same encryption and stringent security, only select models have undergone official FIPS 140-2 certification.

Apricorn Aegis Encrypted Storage

All Apricorn Aegis Encrypted Storage are software-free setup and operation and feature host-free onboard keypad authentication. Therefore, there is nothing you need to install on the host for the drive to work. When you first plug the drive in, the host only sees a USB device drawing power; it has no idea what it is yet. Then, you unlock the drive using the onboard keypad. Afterward, the drive is presented to the host as a generic USB storage device. Accordingly, the host has no idea the drive is encrypted storage. Markedly, this has several security benefits:

  • Impervious to keylogger attacks
  • Impossible to software brute-force
  • Deletion of the encryption key upon physical brute-force attempt
  • Data is always encrypted at rest and only decrypted on the fly during transit
  • Power interruption requires re-authentication to access the data again
  • Self-Destruct PIN. In a hostage-type situation where one is forced to unlock the drive, a unique duress PIN presents a blank drive
  • Setting the drive as read-only can be done via administrative policy or user action through the onboard keypad.

Since all their storage devices present as generic USB storage, they are 100% cross-platform compatible. The platform can support the Apricorn devices if it supports any USB-type storage solution.

Finally, they all come with a three-year warranty.

If you have questions, need quotes, or want a demo, please contact us.

Model comparison

Model NameForm FactorInterfaceStorage methodIP codeFIPS CertifiedStorage Capacity
Aegis Secure Key 3NXUSB StickUSB 3.2 gen 1 Type AFlash MemoryIP68FIPS 140-2 level 34GB – 256GB
Aegis Secure Key 3NXCUSB StickUSB 3.2 type CFlash MemoryIP68FIPS 140-2 level 34GB – 256GB
Aegis Secure Key 3.0USB StickUSB 3.2 Type AFlash MemoryIP68FIPS 140-2 level 316GB-2TB
Aegis NVXPortable DriveUSB 10Gbs Type-CNVMe SSDIP68None500GB-2TB
Aegis Fortress L3Portable DriveUSB 3.2 Type A and Type C5400 RPM HDD or SSDIP68FIPS 140-2 level 3HDD: 500GB-5TB
SSD: 512GB-20TB
Aegis FortressPortable DriveUSB 3.2 Type A5400 RPM HDD or SSDIP68FIPS 140-2 level 2HDD: 500GB-5TB
SSD: 512GB-20TB
Aegis Padlock 3.0Portable DriveUSB 3.2 Gen 1 Type A5400 RPM HDD or SSDNoneNoneHDD: 500GB-2TB
SSD: 256GB-16TB
Aegis Padlock SSDPortable DriveUSB 3.2 Gen 1 Type ASSDIP66FIPS 140-2 level 2240GB-4TB
Aegis Padlock DTPortable DriveUSB 3.0 Type B Connector7200 RPM HDDNoneNone2TB-24TB
Aegis Padlock DT FIPSPortable DriveUSB 3.0 Type B Connector7200 RPM HDDNoneFIPS 140-2 level 22TB-24TB
Apricorn Model comparison

Note: Padlock DT and Padlock DT FIPS are identical products, except Padlock DT FIPS has been certified for FIPS 140-2, and Padlock DT is less expensive.

IP Code stands for “Ingress Protection code” IP code. (2024, July 6). In Wikipedia. https://en.wikipedia.org/wiki/IP_code

IP68 means it is impervious to dust and can be immersed in over a meter of water for an extended period without any harmful impact.

IP66 can be hosed or rinsed with powerful water jets without any harmful effects but should not be immersed in water.

See Wikipedia. https://en.wikipedia.org/wiki/IP_code for more details

Sales Policy: Process

Here is our sales policy, including refund and return policies. For general terms and conditions, see our Terms and Conditions. Our overriding policy is to provide excellent customer service and keep our customers happy.

All orders, including special orders and back-ordered items, must be paid for at the time of sale. We offer various payment options, including options like Netgiro, which offers delayed payments and installments.

Our focus is to deliver your order as quickly as possible. We commit to getting your order to Dropp, our logistic partner, within two business days, much faster in most cases. Dropp, on the other hand, will deliver the order anywhere in Iceland within three business days. Southwest Iceland will usually get their orders as fast as the same day. It is, therefore, feasible (but not guaranteed) for folks in southwest Iceland to get their orders within 24 hours of placing the order.

Sales Policy: Returns

As part of our sales policy, we offer a 30-day return policy on all in-stock items; special orders or back-ordered items are not eligible for returns. We would be happy to let you try demo items for special orders and back-ordered items so you can see if they will suit your needs.

Please keep the original packaging for the 30-day return window and make sure the product remains in a like-new state.

To return your order, just put your order in a similar packaging as it came in, slap the return label on it, and take it back to a Drop delivery point. They will take it from there and get the product back to us.

Once we receive and inspect your return, we will email you to notify you that we have received your returned item and will process your refund. We will strive to process your refund within one business day of receiving your order.

Late or missing refunds

Start by contacting your credit card company; it may take some time before your refund is officially posted.

If your credit card company has no record of our refund after a few days, please contact us.

Sales Policy Summary

To summarize our sales policy, customer satisfaction is very important to us. Contact us for questions related to refunds and returns. We’ll do all we can to make things right.