SECPRICO

SECPRICO was previously Betri ákvörður (Better Decision Making), a consulting service by Marinó G. Njálsson. Betri ákvörðun has been operating since 1991 and was founded with the purpose of providing decision-making advice. The business then shifted to providing advice on risk management, security and privacy. Since Marinó has earned an international reputation, it was decided to change the name, so that it both better described the main topics of the business and would be more accessible in international relations.

SECPRICO is operated by the private limited company Harpan ehf. (ID 430608-0450). The address is Fróðaþing 3, 203 Kópavogur.

Experience

Marinó G. Njálsson has been involved in information security, network security and privacy since 1992. He is a computer scientist (BSc from the University of Iceland in 1985) and in operations research (MSc from Stanford University in 1987 and Engineer Degree also from Stanford in 1988), in addition to having completed numerous courses in information security, network security and privacy.

He began his career as CFO at Tölvutækni Hans Petersen ehf. (1988-91), then took over teaching at the computer science program at Iðnskólinn in Reykjavík, in addition to holding the position of planning director (1992-97). He also taught for two semesters at the University of Iceland and wrote columns for Morgunblaðið on information technology issues and founded the magazine Tölvuheimur - PC World Ísland. Next, he was the Security Manager at Icelandic Genetics (1997-2000), with all security issues in his hands, not least privacy. Since September 2000, he has worked as a consultant, first at VSK, then independently, from 2012-2023 in Denmark at Hewlett Packard (2012-15), Hewlett Packard Enterprise (2015-17) and DXC Technology (from 2017-23) and is now self-employed again. The jobs at HP, HPE and DXC were in fact all the same job, as HPE was created when HP was split up and HP Inc and HPE were created and DXC was created when HPE was split up and part of the company was merged with CSC. In parallel with his work in Denmark, Marinó carried out occasional projects in Iceland, including preparing a privacy management system for almost all kindergartens and primary schools in the country.

Expertise

Consultants in Iceland generally cannot afford to specialize in one thing and only do that. Therefore, Marinó has dealt with a wide range of information security-related consulting, but the focus has been on information security management and privacy. Both have accompanied his work almost continuously since 1992, although in the beginning it was not called by those names, and he is among the most experienced consultants in this field in Europe.

ISO/IEC 27001, ISO/IEC 27002 - Information security, cyber security and privacy management systems

ISO/IEC 27701 - Information security, cyber security and privacy management systems - Privacy information management system

General Data Protection Regulation (GDPR)(EU) 2016/679

EU Directives and Regulations on Cybersecurity (NIS2, CRA, CER)

EU Directives and Regulations on the Digital Resilience of Financial Institutions (DORA)

Regulations of European Union Aviation Safety Agency (EASA) regulation 2023/203 Annex II - Part-IS

Marinó was DXC Technology's main expert in Northern and Central Europe for many of the above standards, laws and regulations (some of which were issued after he left DXC). He has built information security and privacy management systems for the work of HP, HPE and DXC at a number of clients, but also in Iceland. Management systems that have since undergone annual audits and even certifications.

Recent projects include:

  • Implementation of an integrated information security management system (ISMS) and privacy management system (PIMS) at an Icelandic company in accordance with SO/IEC 27001:2022 and ISO/IEC 27701:2019

  • Implementation of an integrated information security and cybersecurity management system

  • Assistance in analyzing DORA requirements and presenting DORA to the board of a financial institution

  • Definition of the requirements of an integrated management system that includes standards and regulations related to information security, cybersecurity and privacy

Other projects

Marinó is active in the work of professional groups at the Icelandic Standards Council. He has served on many working groups of the Information Technology Professional Group (FUT), such as:

  • ISO/IEC 27001 and ISO/IEC 27002 for the translation of the documents/standards for both the 2005 edition and the 2022 edition into Icelandic

  • ISO/IEC 27701 for the translation of both the 2019 edition and the 2025 edition into Icelandic

  • ISO/IEC 27005 for the translation of the 2022 edition into Icelandic.

  • Steering Group for Artificial Intelligence and CEN-CENELEC JTC 21

From 2006 to 2019, Marinó was an instructor at the Icelandic Standards Council's courses on ISO/IEC 27001 and ISO/IEC 27002 and has continued to do so at the Continuing Education Department of the University of Iceland. He also served as an instructor in courses on ISO/IEC 27701.

Decisioin Analysis - Data Analysis

Marinó has extensive experience with data analysis and how its results can be connected to decision analysis for important decisions.