ERE Information Security Auditors
Home | Site Map | Contact Us |  Resource Center
list of IT security and compliance audit steps
ERE Differentiators from other vendors

Employee Internet Abuse Audit

The business goals of this rather unique audit is to find unauthorized, unsanctioned, surprise services running on the enterprise network, which may attract liability.  By virtue of the fact that these services are surprises, they are not usually found by security staff. These surprises include:
  • Unidentifiable services, which the auditor can only find for the client to then identify.
  • Infractions of web surfing, including accessing sites displaying pornography, which may attract legal recourse.
  • Misuse of existing services, such as sending email containing restricted data to previous employees.
  • Unsanctioned by identifiable protocols being run by employees.
  • Inappropriate but identifiable services being run by employees, such as instant mail.
  • Trending of unauthorized services run by employees, by time, by location, by subject, etc.
  • Potential intrusions or attacks on the enterprise network.
  • Potential instances of information theft. user traffic patterns, to highlight anomalous traffic patterns, unusually high volumes potentially initiated by worm / Trojan / virus infection.

Key Report Features
The report consists of our written comments and interpretations of our observations, backed up by 21 standard and 7 graphs and charts depicting summaries of the raw data.  An executive summary describes all the key observations, and the detailed analysis for IT technical staff.

Only IP addresses of servers, workstations, and Internet addresses are identified.  User names are not identified, but customers may derive user names from the IP addresses we provide.  We also do not show content of browsing sessions.  When email content is requested as part of an optional report on finding specific phrases, only the emails containing those phrases are retained.

See more


Contact Us

905 764 3246

  Budgetary Price Quote
  10 minute scope definition call
  ROI Calculation for your next Audit 
  Sanitized Statement of Work
  Sanitized Audit Report
  Product Literature  
  White Papers and Published Articles
  Please see Ron Lepofsky’s book,
The Manager’s Guide to Web Application Security,
published by Apress Media

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Home | Technology Audits | Compliance Audits | Process Audits | Doc Audit/Authorship| | 7x24 Monitoring | Knowledge Transfer
ERE Differentiators | About Us | Site map | Contact Us | |   | Resource Center
Copyrights © 2007-2008. All rights reserved.  

   AddThis Social Bookmark Button