ERE Information Security Auditors

ERE provides extensive knowledge transfer

ERE IT security compliance auditors are information security compliance verification auditors. As an IT security auditor in Canada, we have served large and medium organizations across Canada, the US, and Europe since 2000. The ERE IT security compliance auditing team has built client loyalty based upon the expertise of our certified security experts and upon our impartiality - ERE Security sells no hardware or software whatsoever.

Our IT security audit methodology encompasses one-time cyber security audit snapshots, 7/24 IT security auditing, and 7/24 security compliance audits. As an extension of 24 x 7 IT security monitoring, we provide managed security services.

As a managed security service provider (MSSP), our managed security services include operations for advanced firewalls, IDS, vulnerability scanning, and complete SIEM (Security Information and Event Management) services.

NEW: Timesaving IT security vulnerability management software, provided as a secured cloud service

It is called Uzado.
  • Uzado reduces remediation time by about 50% - 70%.
  • It reduces the time to fix all the security vulnerabilities across your enterprise, and then verifies they are really fixed.
  • Uzado delivers immediate return on cost with improved productivity.
  • Uzado makes it easy to manage remediation by assigning assets to owners, and associating vulnerabilities to assets. This gives you the ability to prioritize your vulnerabilities.
  • Uzado makes it easy to track all vulnerabilities that exist and ongoing remediation efforts.
  • Uzado provides an overview of status on vulnerability exposure before remediation, during and after (Residual risk) within the Finding Dashboard.

Uzado fits hand in glove with whatever vulnerability scanner you are using

  • Qualys, Rapid7, Nessus, etc.
  • Time saved looking at 100s of pages of vulnerability scans by converting the data into vulnerability categories that are easily accessed and sorted.
  • Time saved researching and associating your corporate information with every single vulnerability.
  • Time saved sorting and prioritizing 100s or 1000s of vulnerabilities into remediation plans for each remediator.
  • Time saved coordinating all remediators’ activities with a single real time view instead of emails, spreadsheets, and phone calls.
  • Time saved creating executive reports.
  • Time saved creating actionable vulnerability management system related reports.
  • Report on level of effort and show executives how IT security is succeeding.
  • Nice visual overview of different vulnerability results within a dashboard.
  • Time saved both tracking and remembering deferred or accepted vulnerabilities.
  • None of your time spent on the care and feeding of our vulnerability management program provided as a cloud service (SaaS).
  • Keeps your information confidential and safe.

Hand in Glove Fit with Uzado – Vulnerability Scanning as a Service

  • Vulnerability scanning as a service - We provide complete outsourced vulnerability scanning, using Qualys.
  • This saves your company on capital costs, annual subscription costs, training, and care and feeding of a scanner tool.
  • No maintenance on scanner or security patching.
  • We schedule and provide the scan reports to you at the schedule of your choice.
  • This saves your security people valuable time which they can use for pro-active planning and implementations instead of on managing scanning software.
  • We can perform ad hoc and re-scans upon request, allowing you to get updated information on your current vulnerability and remediation activities and status.

We Identify Vulnerabilities that Others Miss

ERE Documentation and Authorship Services
Our single focus is being IT security auditors. Our scope is the security triad of: people, IT technology and systems. We provide:
  • Vulnerability management services, with automated web application vulnerability scanning, network vulnerability scanning, and penetration testing using Nexpose from Rapid7.
  • Information security auditing and application security assessment providers.
  • Application audit and database security specialists.
  • IT compliance audit experts.
  • GDSN compliance for GS1 data pools.
  • IT security policy consulting and disaster recovery planning.
  • SOX compliant, SOX compliance Canada audit, and C-sox compliance checklist.
  • 7/24 IT security monitoring service which identifies IT security vulnerabilities in real time, including NERC file integrity monitoring.

Information Security Compliance Auditors

Security Compliance Auditors
  • NERC CIP regulations for SCADA, SCADA CIP security audits including CIP 02 to 09, SCADA audit in both Canada and USA, for all real time environments: electrical utilities, water treatment, sewage treatment, oil pipelines, and gas pipelines. NERC - CIP compliance audit and NERC audit checklist, NERC - CIP compliant validation auditors.
  • SOX compliant audits, SOX compliance Canada audit, and C-sox compliance checklist.
  • SOX - SOX compliance Canada, C-SOX compliance audit, SOX Compliance Management Service, Bill 198 security audit.
  • Privacy audit - RCMP / CSE TRA, privacy harmonized TRA, harmonized threat and risk assessment methodology, PIPEDA, PIPEDA PIA, GLBA, HIPAA. We provide PIPEDA compliance audits, training on how to implement privacy policy, and auditing privacy compliance.
  • Security standards and frameworks ISO 27002 compliance, COBIT, EI3PA compliance, ITIL compliance.
  • IT audit checklist - including specific CSOX compliance audit ensuring SOX compliant 3rd party audit scorecard.
  • Audit report template available for compliance.
  • Compliance dashboard for 24x7 security compliance monitoring.
  • Cyber security auditing for managing risk. Correlate business and technical risks for every critical asset.

Techie Talk

We provide technical evidence of all vulnerabilities. Our highly technical evaluation steps include:
  • External vulnerability assessments.
  • Employee Internet abuse assessments.
  • Web facing application audits.
  • Web application audits.
  • Web security auditors.
  • Network architecture audit and security architecture audits.
  • Network security audit templates.
  • Information systems continuous monitoring with an IT security dashboard.
  • ERE Server hardening audits.
  • Wireless audits.
  • Security and loss prevention audits checklist.
  • Firewall compliance audits.
  • IDS compliance audits.
  • Authentication / access controls audit.
  • Compliance control points violations audit.
  • End-user practices audit.
  • IT Policy control points and procedures review.
  • Separation of duties review.
  • IT security policy and procedures review.
  • 3rd party outsourcing separation of duties and due diligence review.
  • Security audit computer systems.

Why Choose ERE Security

  • ERE Information Security is a widely trusted cyber security testing specialist in Canada.
  • We are a widely trusted cyber security testing specialist in USA.
  • Transparency - We provide an information security audit checklist and a database security audit checklist.
  • Transparency – Up front we provide a detailed statement of work with each fixed price quote.
  • Our IT compliance audit service identifies vulnerabilities and compliance violations that others miss.
  • You can rely on a security auditor of the highest caliber, with CISSP, CISM, and many other industry certifications.
  • Expertise with 75+ IT security audit topics.
  • Objective, impartial web security auditors and network security auditors.
  • Boutique, highly tuned 24x7 IT security auditing services.
  • Transparency – we clearly articulate our computer security compliance audit procedures and provide a methodology on how to calculate ROI on information security risks.
  • We quickly create user-updatable documentation: IT security procedures, IT security policy and procedures, DRP, security training.
  • An excellent reputation and many satisfied clients.
  • One stop for training.

Front Burner Security Concerns


Contact Us

905 764 3246

  Budgetary Price Quote
  10 minute scope definition call
  Business case for IT security and compliance 
  Sanitized Statement of Work
  Sanitized Audit Report
  Product Literature  
  White Papers and Published Articles
  Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.


Quantifying Risk and Cost of IT Security

Information risk management and creating an IT security business plan are difficult at best. We have IT security cost calculation perfected to a science and are happy to provide knowledge transfer about it. We offer an up-front proof-of-value ROI calculation, including an audit checklist template and an audit report template. We are IT security audit experts. As part of our security audit services we educate our clients on:
  • How to calculate IT security risk.
  • Calculating ROI on information security risk.
  • How to calculate security vulnerability cost of risk.

Contact us right up front

Let us assist you to plan and budget for your next network security audit. May we send you an IT compliance audit template or our IT Security Audit Methodology Template? Contact us and we'll help you scope the right sized audit for you.
Copyrights © 2007-2010. All rights reserved.
