This store is in test mode, and no orders will be fulfilled. Nothing shall be considered accurate while testing and validation are ongoing.
CONTENTS
Here, you’ll find details about our pricing. Interviews to discuss what services we offer and consultation regarding services you might need are always free.
For clients in the Reykjavik metro area, we can do these interviews in person, at your offices or ours, via teleconferencing or telephone. For clients outside the Reykjavik metro area, teleconference or telephone would be best for this introductory discussion. After that, we can plan a site visit.
Contact us if you have questions or want to book a meeting.
Charged after delivery of service: 24.000 ISK per hour plus VAT
We arrive on-site and review your setup, policies, and procedures. From that, we write a report on how you can reduce your risk of cyber incidents. The report will be delivered within two days, and the invoice will be sent after the report is accepted.
Implementation assistance is available but not included. We will include a proposal for implementation costs along with the report.
This package includes four hours on-site and travels within the Reykjavik metro area between the hours of 10 and 16. Travel outside the metro area is available by special arrangements. The price is 95.000 ISK plus VAT.
This is a smaller version of package 2, suitable for smaller companies where the review will take a short time. It includes two hours on-site, but all other details are the same. The price is 45.000 ISK plus VAT.
Pay for time ahead of time at the special rate of 19.200 ISK plus VAT per hour. That’s a 20% discount on the standard rate. You can purchase a maximum of 50 hours each month at this rate. Once you pay for the hours, they are yours to use whenever you choose and do not expire.
This package is for those who wish for an ongoing service. We’ll conduct regular meetings, go over the status of your security tools, answer your questions, and generally be available to you when it comes to cybersecurity matters. This package comes in three sizes:
Visiting your office in the greater Capital region between 10:00 and 16:00 on regular weekdays is always included without any additional charge. Contact us for travel costs for site visits outside the Capital region.
Here are a few resources for you. As always, we are available to answer any questions you may have; reach out, and we’ll help you out.
Our values are trustworthiness, professionalism, and security. The following pages provide more information about us and our services.
To receive email updates from us, please subscribe for updates by fill out this form. The only required field is your email address, however, we would love to have a name to call you by to make our interaction more personal. If you are willing to tell us your birthday it would allow us to wish you a happy birthday. We promise to use your contact very sparingly and only for the purpose stated. We are fully compliant with GDPR
Our privacy policy can be found here. In essence, it says that we never share your info with anyone, unless legally complied to do so. We only use it for the purposes you permit us to, and we delete it as soon as you ask. Meaning you subscribe to get updates and that is the only time we use it.
Here is a fun little quiz to help you gauge your security readiness. After reading each question, give yourself a score of 0-3 on how confident you are on that question. You’ll need something to note the score of each question and then add it all up. Self-grading at the bottom. As with most tests, low scores mean you’ve got some work to do.
QUESTION 1: ASSET MANAGEMENT
How confident are you that you can answer all the following questions 100% accurately without prior notice in less than 15 minutes?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 2: IDENTITY AND ACCESS MANAGEMENT
How confident are you that you know exactly who has access to what, and that everyone still needs all that access?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 3: ACCESS POLICIES
How confident are you in your implementation of principle of least access?
0 – Don’t understand the question/not doing principle of least access
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 4: SECURITY POLICIES
If you were to undergo an unannounced security audit how confident that you could produce documentation on all your security processes, change management, etc., to the satisfaction of the auditor on the spot?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 5: MULTI FACTOR AUTHENTICATION (MFA)
How confident are you that your MFA setup, policies, restrictions, etc., will stop a threat actor from compromising accounts?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 6: PASSWORD MANAGEMENT
How confident are you that passwords for your service account and standalone non-AD accounts are being handled securely? How confident are you that your employees are maintaining secure password management processes?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 7: DATA BACKUP
How confident are you that you can restore critical system with all its data in a timely manner that minimizes impact on the business? Confidence based on faith or hope does not count.
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 8: CONFIDENTIALITY, INTEGRITY AND ACCESS (CIA TRIAD)
What is your confidence level that when it comes to your company’s non-public information, only those that are supposed to see it, can see it, when they need to see it, and that it maintains full integrity? Blind faith confidence and faith based on hope is the same as no confidence
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 9: EVENT LOGGING
How confident are you that you will notice if a data leak is taking place, as in threat actor copying non-public information off-site, or other security incidents are taking place? Are you confident that after an incident you will have all the needed data to reconstruct what happened?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 10: VULNERABILITY MANAGEMENT
How confident are you that you know where all your security vulnerabilities are? Again, pure blind faith or confidence = no confidence.
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 11: CHANGE MANAGEMENT
How confident are you that can detail out all the changes happening in your environment at any point in time?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
QUESTION 12: THIRD PARTY RISK MANAGEMENT
How confident are you that employees of your vendors aren’t your threat actors?
0 – Don’t understand the question
1 – Not at all confident
2 – Some confidence
3 – Very confident
25-36: You’ve got all your ducks in a nice and orderly row, and you have a pretty good idea where each row is.
13-24: Your ducks are loosely grouped together, and you kind of know where most of the groups are.
0-12: Ducks??? I have ducks??? Where are my ducks???
In closing the point of this fun little test isn’t to shame or scare you, the point is to get you thinking about all the various aspect of cybersecurity that is needed to keep you safe.
If we can assist you in improving any of these factors please don’t hesitate to reach out and we would be more than happy to help.
For your reference, these are services or products we recommend or endorse for their online security benefits. If you have any questions, feel free to contact us.
Also for your references, here are links to citations from the book
For more details check out his LinkedIn Profile.
Cybersecurity is the practice of enabling businesses to produce and sell their particular products and services in the most secure way possible. Therefore, their role is to find the most secure way to do what the business needs to do and educate the business. Deciding what is and isn’t risky is not their role; therefore, they should never tell the business no. However, it is the role of the business senior management to set the risk appetite and tolerance and decide what risks they are willing to accept. Therefore, it is with this philosophy that we provide our services.
Customer: I need to jump off a bridge that has a 300-meter fall
Security: Are we talking about bungee jumping?
Customer: No, I need to reach the ground.
Security: BASE jumping is probably your best bet; I recommend getting training first.
Our values are trustworthiness, professionalism, and security. We believe in focusing on your policies and procedures to maximize your effort and return on investment. Then, only invest in tools that can assist with those policies and procedures. In other words, each tool you have should have an obvious tie to a specific policy or procedure. This is what all our services are about. Here are some more details on our services. These aren’t distinct packages; they are more the type of things we do; we will mix and match these to suit your needs. Please contact us with questions or to book some time with us.
A vulnerability management program is one of the cornerstones of a great cybersecurity program. Therefore, one of our services is to help you design a program custom-made for your business, mold tool requirements that help you with that program, and get those tools set up and maximize their usage. Similar to our philosophy above, a good vulnerability Management Program consists mostly of policies and procedures, with tools playing a support role only. Once your policies and procedures have been nailed down, we will work with you to compile tool selection requirements. Once the requirements are clear, we will help you work with vendors to select the right tool for your environment.
Some think that all they have to do to be secure is to buy the right tool because a sales guy told them that it would make them safe, then buy another tool because that sales guy said it was better. Then they stand there with many tools and no idea how to use any of them. We believe buying a tool and looking for a problem to solve with it is very unproductive. Our advice is to start by creating sound policies and procedures and, from that, create requirements for tools to help you with your new policies and procedures. This way, you start by identifying a problem or a need and then find a tool to fulfill the need. With this approach, you won’t have all sorts of tools you don’t use. Therefore, this is the approach we always use. This service offering is similar to the one above, just a little more comprehensive.
If you are working towards a certification or simply maintaining one, you need to have an independent party review your setup and confirm that you are ready for the final review. Without that, you have very little chance of passing your certification audit. This is one of the core services we provide
One thing you absolutely need to pay attention to is training your staff to be security conscious. This is one of the cornerstones of any decent security program, which is why many security frameworks and compliance requirements require this. There are two approaches to this:
There are pros and cons to each. The video training service makes getting everyone to complete and show compliance easier. It is often bite-sized and easier to fit into busy schedules. The problem is that there is a much greater chance that folks won’t get the material or, worse, will sleep through it.
On the other hand, in-person training, like the one we offer, is more engaging and more comprehensive and ensures everyone is learning the material. The problem is that scheduling can be challenging.
While we typically recommend in-person training for that personal touch, we realize it isn’t practical for everyone. Therefore, we can also put you in touch with some great video training solutions.
We can work with you to ensure you meet NIS2 or DORA government regulations. With the expansion in scope in NIS2, there is a long list of companies that are required to be compliant that weren’t before. Does your company fall under the expanded scope? You may not have the expertise in-house to understand, plan, and implement programs to become NIS2 or DORA compliant, so let us help you. We can provide as much or as little help here as you desire.
This service is a long-term engagement that we customize to your needs. This most often involves some mixture of the following:
Icelandic