Skip to content

The story

Diri AS is a cyber security risk management company founded in 2020. Our vision is to make the cyber world a better place, and our mission is to establish the best practice within the cyber risk area. Our goal is to be your security expert and make high-quality risk assessments available to all who need them.

A data breach can be catastrophic for a company. It can cause economic loss, downtime, legal consequences, and damage its reputation. In addition, new devices connected to critical infrastructure are going online every day. As a society, we depend on improving our perception of cyber risk, and Diri contributes to this.

Our vision

Make the cyberworld a better place.

Our mission

Establish the best practice within the cyber risk area.

Our values

Quality

We work for the highest quality in all levels and areas every step of the way.

Sustainability

Sustainability is a key motivation and a guideline in all we do and create. Read our Code of conduct.

Innovation

We always seek to find better solutions and continuously develop risk management for the future.

Background

Diri’s story starts with, and is a result of cooperation between NTNU (Norwegian University in Science and Technology) at Gjøvik, Kong Arthur in Brumunddal, and NTNU TTO. The company originates in the information security environment at NTNU in Gjøvik. Diri emerged as a solution for several practical problems our founders met when managing risk at NTNU. The risk management tool has been developed with several years of research and practical experience. First, research at The Department of Information Security and Communication Technology and then applying the knowledge in the IT department in the Section for digital security at NTNU.

The theoretical framework for the Diri solution is based on research from The Department of Information Security and Communication Technology and Gaute Wangens PhD thesis: “Cyber Security Risk Assessment Practices: Core Unified Risk Framework.” The thesis is a study of both the theoretical and practical parts of performing cyber security risk assessments. Findings in the thesis exposed a need for a holistic approach to security risk analysis for cyber that integrates into all levels in an organisation. As a result, a new framework with a comprehensive approach to online risk management was developed.

From the left: Hege Tokerud (Board member/NTNU TTO), Stian Husemoen (NTNU Digital Sikkerhet), Bjørn Oustad (Board member/Kong Arthur AS), Vebjørn Slyngstadli (Diri AS), Gaute Wangen (Diri AS) og Tom Øystein Martinsen (Chairman of the board)

Objective

Cyber security risk management is regarded as a discipline that demands a high level of technological insight, and historically the task has been for specialists only. To succeed in the digital world, assessing cyber risk is essential and decisive. The connection between the technical environment and the administrative decision level is often weak, and the management’s understanding of technical risk is often low. Diris’s objective is to:

  • Simplify risk management for cyber security
  • Streamline risk analysis
  • Compile the risk from information technology and provide a comprehensive risk picture
  • Make risk understandable for decisionmakers

The innovation has a holistic approach that allows companies to assess cyber security without internal experts. The Diri tool will suggest a strategy for risk management and a method that makes it possible for the company to build and manage a comprehensive risk portfolio. The tool is based on the following principles:

  • Based on work processes 
  • Flexible and module based 
  • Integration with existing systems 

The problem of compiling the risk from several assessments Diri aims to solve with a comprehensive dashboard for control, alongside building a bridge between company risk and cyber risk, making cyber security understandable and manageable for risk assessors and executives. The solution is user-friendly and intuitive and guides you through the risk assessment in a defined process that doesn’t require a high level of competence of the user but still produces a result of high quality.