ERE Information Security Auditors

Managed Cyber Security Services and Consulting
ERE provides and supports a wide range of managed cyber security services (MSP or MSSP).
We also provide cyber security consulting. Consulting services include security vulnerability tests, pen tests, and authoring documents such as security gap analyses, security maturity models, security policies and security procedures.
ERE consults on how to calculate ROI on security expenditures. We present to executive committees how to minimize cyber security risk.

About Our Clients

- Companies that need to comply with cyber security standards imposed by:
  - Government regulations
  - Their clients and partners
  - Industry standards
  - Their external auditors
  - Their internal auditors
- Companies responding to Governance and Board of Directors concerns about specific cyber security issues
- Companies directed to manage / mitigate cyber security risk by their executive committees
- Our clients are in both Canada and the USA

Deep Visibility into Security Posture

- Security Intelligence delivered by Event Log Monitoring and SIEM service.
- Behavioral Analysis delivered by Event Log Monitoring / SIEM Service
- Threat Intelligence delivered by Open Threat Exchange (OTX)
- Asset Discovery by Device Discovery Scanning Service.
- Data loss prevention service provided by services above
- Turn vulnerability scan results from overwhelming into understandable and actionable
- Turn overwhelming event log alerts into clear and actionable tickets

Differentiators

- Laser-focused on security services. We sell no other services and no products
- All members of our security team hold industry-recognized security credentials, including CISSP and CISM
- Competitively priced
- Provide scalable services, from proof of concept through full deployment
- Work with clients through all stages of a project: pre-budget cost justification, proposal, plan, implement, manage, and validate

Contact Us
905 764 3246

ERE Cyber Security Services in a Nutshell

Automated Vulnerability Scanning Service
Identifies web application and network vulnerabilities and how to remediate them, every month. This service replaces the one-point-in-time annual pen test, for about the same annual price.
- NESSUS, Qualys, Rapid7, Netsparker, QRadar

Vulnerability Remediation Management Service (proprietary)
- Reduces risk exposure time to remediate
- Time efficiencies for remediating hundreds or thousands of new vulnerabilities
- Triages an overwhelming number of alerts into a few actionable tickets
- Works with any vulnerability scanner such as NESSUS, Qualys, Rapid7, Netsparker

Security Intelligence, Threat Intelligence, Behavior Analysis, and Asset Discovery Services

- Security Intelligence delivered by outsourced Event Log Monitoring and outsourced SIEM services
- Behavioral Analysis and threat detection delivered by:
  - Outsourced event log monitoring / SIEM services
  - Outsourced real-time network threat monitoring / intrusion detection service
  - Outsourced real-time traffic flow monitoring service
- Data loss prevention service delivered by services above
- Threat Intelligence delivered by access to Open Threat Exchange (OTX) Intelligence
- Asset Discovery delivered by outsourced device discovery scanning service
- Dark web discovery of credentials for sale that belong to a company’s domain

Managed Cyber Security Services
- Cloud security service
- SIEM service
- Event log monitoring and correlation service
- Real-time network threat detection service with network-based IDS and host-based IDS
- Asset discovery service
- Network traffic monitoring service

Compliance Management Services
Enables complex compliance data collection supporting multiple contributors, reporting, and alerts on compliance violations every month. Empowers management to know their compliance posture throughout the year, and not have to rush at compliance audit season.

Automated Compliance Readiness Score for Any Standard
Identifies the effectiveness and efficiency of a compliance workflow for any standard
- Financial: OSFI, FFIEC, IIAC, IROC, OSC Bill 198, Sarbanes-Oxley (SOX)
- Security: CSA Cloud Control Matrix, COBIT, ISO 2700x, NERC CIP, NIST CSF, PCI DSS
- Privacy: Canadian Privacy Act, PHIPA, FIPPA, PIPEDA, RCMP/CSE TRA, SB 1386, TRA and PIA

Cyber Security State Testing
- Pen Testing
- Vulnerability Assessment
- Gap Analysis
- Security Auditing
- CMMI baseline security assessment
- Web App Vulnerability Testing
- Security Maturity Capability Assessment
- Mobile App Vulnerability Assessment
- Social Engineering Testing

Cyber Security Consulting and Documentation Authorship Services
- Corporate security policies and procedures
- Compliance policies and procedures for any standard
- Security ROI and cost justification planning
- Privacy policies and procedures
- Business continuity plan (BCP) and Disaster recovery plan (DRP)
- Cyber security attack response plan
- Ransomware attack response plan
- Security project management

Availability Services
- Tier 1 support for servers and network devices
- Patch management process planning
- Patch management monthly analysis / recommendations
- Patch management hands-on assistance
- Post-patching vulnerability scanning service to verify patching

Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media: https://www.apress.com/9781484201497
The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Quantifying Risk and Cost of IT Security

Information risk management and creating an IT security business plan are difficult at best. We have perfected IT security cost calculation to a science and are happy to provide knowledge transfer on it. We provide an up-front proof-of-value ROI calculation, including an audit checklist template and an audit report template. We are IT security audit experts. As part of our security audit services, we educate our clients on:

- How to calculate IT security risk.
- Calculating ROI on information security risk.
- How to calculate security vulnerability cost of risk.

Contact Us

Let us help you find hidden risks and compliance violations, and plan how to mitigate them. We will help you scope your needs and cost-justify your budget requests. Contact us.