Internet Security 2010

• Internet security 2010 and 2011 requirements present huge IT risk assessment challenges for our clients. We're up to helping them to meet the challenges. ERE IT risk security auditors provides top down risk analysis to identify security, privacy, and compliance risks and translates them into business costs. We identify and correlate threats and compliance violations and calculate risk with textbook industry standard methodology:
• STRIDE and DREAD risk assessment.
• ROSI (Return on Security Investment).
• Annual loss expectancy and residual risk.
• We show clients how to estimate costs of potential legal liabilities and how to incorporate them into the IT Governance process.
• We provide analysis tools to use Cyber Security Auditing for Managing Risk
• Each IT security compliance audit comes with a pro-forma business case for implementing our recommendations.
• Ron Lepofsky, our president, has published several articles on IT risk management:
  • Quantifying Risk and Cost of IT Security Compliance
  • Calculating IT Security Risk

IT Security Compliance Audit

Our IT security compliance audit service correlates network security risks with the audit points of any applicable compliance standard. We act as risk security auditors by associated both a business risk and a technical risk with each security vulnerability.

• We correlate security and privacy risks we identify with industry standards and regulations.
• We triage and rate each risk to prioritize remediation steps.
• Create a pro-forma business case to cost justify all the recommendations within our IT Security Compliance Audit.
• We provide many types of web security related audits, including privacy compliance audits, IT SOX audits and other financial regulatory compliance audits, NERC CIP audits, and compliance with industry standards such as COBIT.

IT Security Governance Consulting

• Assist our clients to build IT Security Governance programs.
• Focus on aligning risk management with critical business goals.
• ERE has created a simplified IT Security Micro Governance process.
• Show clients how to incorporate results of an IT risk assessment into an IT risk management program.

Corporate Overview

• Our sole business is providing IT security / privacy services: IT security compliance audit, privacy audit, risk analysis, and consulting.
• Clients: asset managers, electrical utilities, financial / mortgage managers, software developers, real estate managers
• More details in the Corporate Information page.

Contact Us Right Up Front

Let us assist you to budget for your next audit. ERE risk security auditors can help you find and eliminate your security risks. Contact us and we'll help you scope the right sized audit for your organization.