Legal, consulting, project leadership and know-how hub. Based in Sandvika, Norway.
Institutions with valuable assets around the world are digitizing them quickly, but governance of IT/Security is frequently not considered – even at a basic level. Digitization projects create vast opportunities to share data and innovate. However, inherently, systems that collect personally identifiable, sensible information and transactional data from multiple sources in one place become targets for cyberattacks.
The inability of governments to effectively address emerging cyber threats can ruin the confidence people have in the state, its institutions, and the economy, and in turn hamper economic growth.
When implementing projects, we see that, more often than not, functionality is considered as the primary objective of any project; security comes with no priority attached to it. If cybersecurity is considered at all, it is thought of as very technical, something that is put on IT systems as an afterthought, preferably in the shape of another box.
Moreover, a false expectation persists that there is some institution in the country (be it CIRT or IT Ministry) which is responsible for cybersecurity, and which will protect the organization if such a need arises. Organisations tend to forget that cybersecurity is the responsibility of the head of an organization, and when a security incident happens, she or he is held accountable. Donors also tend to forget that in case of a cyber incident, the reputation of both the donor and the implementing organization is hurt, and trust in the newly developed system is lost.
Sometimes processes are deployed and even ITIL or ISO certifications are acquired, with processes described over hundreds of pages, but with no real impact on the organizational culture. At the same time, little time is allocated for capacity building programmes. Two weeks of training may provide a knowledge boost, but it does not produce new habits. So, new knowledge gives way to old habits.
At NRD Companies, we believe it is absolutely necessary to design security architecture from the very inception of the system, including its legal framework, regulations, and workforce capacity building.
NRD Cyber Security (NRD CS) is the facilitator of NRD Companies’ mission of creating a secure digital environment for states, governments, corporations, and citizens in Central and Eastern Europe, East Africa, Asia and other regions via technology platforms, workflows, and processes, by:
- Resolving forensic investigations faster and more efficiently – with centralized processing, early case assessment, verification processes for cyber-police, courts, forensic science centres;
- Law enforcement analytics and defence intelligence automation;
- Assisting in cyber-defence capabilities – in-house CERT capability establishment for organisations and nations;
- Handling Internet abuse data and information sharing for national CERT, ISPs, government, cyber police, corporations;
- Responding to national malware outbreaks, child abuse content for national CERTs, banks, and cyber-police force;
- Monitoring national critical infrastructure with federated cyber-defence model;
- Monitoring social and open Internet for crime, fraud, attacks, information warfare, brand/opinion analysis (OSINT) – a platform for CERTs, cyber-police, national security services, enterprises.
In addition to specialized services, NRD CS via in-house CIRT (cybersecurity incident response team) provides cyber security consulting, performs security audits, compliance and risk assessments, validates and promotes Critical Controls implementations, designs and implements technologies for cybersecurity defence and information system security, and provides training for corporate information security departments.
The NRD CS approach is based on hands-on experience as well as actionable and practical knowledge derived from partnerships with global non-profit organisations, such as OWASP, ISACA, Centre for Internet Security, and others.