Identifying Network Security Risks
- ERE's information security auditing service provides top-down risk analysis to identify security, privacy, and compliance risks and translates them into business costs. We identify and correlate threats and compliance violations and calculate risk with textbook industry-standard methodology:
- STRIDE and DREAD risk assessment.
- ROSI (Return on Security Investment).
- Annual loss expectancy and residual risk.
- We show clients how to estimate costs of potential legal liabilities and how to incorporate them into the IT Governance process.
- Each IT security compliance audit by our security auditors comes with a pro-forma business case for implementing our recommendations.
- Ron Lepofsky, our president, has published several articles on how to manage IT security risk:
IT Security Compliance Audit
Our IT security compliance audit service correlates network security risks with the audit points of any applicable compliance standard. We act as risk security auditors by associating both a business risk and a technical risk with each security vulnerability.
- We correlate security and privacy risks we identify with industry standards and regulations.
- We triage and rate each risk to prioritize remediation steps.
- We create a pro-forma business case to cost-justify all the recommendations within our IT Security Compliance Audit.
- We provide many types of compliance audits, including privacy compliance audits, IT SOX audits and other financial regulatory compliance audits, NERC CIP audits, and compliance with industry standards such as COBIT.
IT Security Governance Consulting
- Our sole business is providing IT security / privacy services: IT security compliance audit, privacy audit, risk analysis, and consulting.
- Clients: asset managers, electrical utilities, financial / mortgage managers, software developers, real estate managers
- More details in the Corporate Information page.