ERE helps clients create an IT security governance framework. Often neglected but critically useful to members of IT security operations, IT operations, and compliance, IT security governance is difficult, costly, and time-consuming to implement. We make the process simpler and less painful.
The practical result or conclusion of governance should be:
- Effective internal controls.
- An efficient mechanism for granting sufficient budget for IT security, privacy, and regulatory compliance as it relates to security and privacy.
- Ongoing process risk assessments and BIA, in order to feed the mechanism for granting sufficient budget.
- At the very least an IT security governance framework.
- Information assurance to executives for due care.
- ERE risk assessments are straightforward, textbook methodologies, based upon industry standards, including NIST, DREAD and ROSI.
- ERE security, privacy, and standards / regulatory compliance audits recommend specific internal controls.
- A pro-forma ROSI business case is built into every ERE compliance audit, specifically for the benefit of IT security operations, IT operations, and compliance groups.
- ERE drills down to the essential IT security governance requirements for each client individually, helps prioritize needs by impact / risk, and authors a "living" IT security governance framework – a framework designed for client updates / modification.
- A simple process of providing information assurance for the board is designed into our IT security governance framework.
IT Security Micro – Governance
- ERE has created a streamlined methodology for assisting:
- IT security implementers to get the budgets they require with risk assessments and compliance audits.
- Compliance managers to measure results and justify their budgets by measuring effectiveness of internal controls.
- Executives to gain assurance they are providing due care.
- Identify the important goal of alignment of GRC – governance, risk management, and compliance.
- Please see the article published by Ron Lepofsky entitled "IT Security Micro Governance".