Digital help provides good cyber hygiene
Tekst: Anne-Lise Aakervik
Foto: Geir Morgen/NTNU
Data loss, hacking, storing data in the wrong places; These are some examples of what bad cybersecurity can lead to. In the hunt for a good risk assessment system, Gaute Wangen and Vebjørn Slyngstadli developed their own.

A happy three-leaf clover. – For the first time, there is a commercialization project from the staff at NTNU. Hege Tokerud, project manager at NTNU Technology Transfer, thinks so. This is a product we see has great potential; she says. Developers Gaute Wangen (center) and Vebjørn Slyngstadli look forward to putting pilot customers in place.


Applies to all Challenges around cybersecurity apply to all types of organizations, from universities to the health, municipal and financial sectors. “Yes, basically all types of sectors that have computer systems and customer care,” says Wangen. “Even the Norwegian Parliament has challenges,” says Slyngstadli and aims for last year’s hacking of e-mail accounts for several representatives. “It may seem that poor cyber hygiene was the cause. It can e.g. be a two-factor login.” Today, mostly IT experts make such risk assessments, but Wangen does not think it is necessary. He says there are not enough experts in the world to make all the assessments. It’s about putting things in order, finding common denominators and things to report on. Standards and norms Everyone should be able to achieve this with a little help, according to the founders of DIRI AS. They have experienced that many issues recur in risk assessments. That can be how to handle their users, who should be allowed to log in, who should handle the data, where should you store them, etc. It can be compared to building or rehabilitating a house, where several norms and standards come into play, such as the wet room norm. TEK 10 and 17 are two other standards that state how the house must be built for it to be approved. “In the same way, we have norms and security standards for the construction of digital infrastructure,” says Gaute Wangen. – But unfortunately, they are not used much. The software from DIRI will help a company find the small things that can make errors. “The system comes from unique research and development at NTNU,” says Hege Tokerud project manager at NTNU Technology Transfer in Gjøvik. Based on the answers you give; a risk matrix and a report are prepared. An understandable summary of what the problem is, and what one should possibly do to prevent it from happening. There are many frustrated technologists with poor tools to convey risk to management. DIRI will help them visualize and communicate. First innovation from staff “The funds we received from NTNU Discovery in the start-up were crucial for us. Without them we would not have come anyway, then we would still have just walked around and talked about this,” says Gaute Wangen. Once again, the support from NTNU Discovery in the early phase spills out funds from other actors. DIRI received 300,000 NOK from Gjøvik municipality when starting up, and 500,000 NOK from the Research Council. “This shows that early funding from NTNU Discovery is important for more support. TTO prioritizes this because we see it can reach an internationally scalable market in all industries around the world,” says Tokerud. Here we are talking about knowledge for a better world in all industries. In the long run, DIRI will be a company that both sells licenses and provides security consulting. ” And we are very sure that cybersecurity must be given much higher priority if you want to be competitive in the future., concludes Wangen and Slyngtadli.

Prosjekter og nyheter
Kontakt:
Prosjektleder
Jan Hassel
Epost: jan.hassel@ntnu.no
Telefon: 906 53 180
Kontor: Hovedbygget, sokkel
Håvard Wibe
Epost: havard.wibe@ntnu.no
Telefon: 41 47 37 68
Kontor: Hovedbygget, sokkel
