ERE Information Security Auditors

Executive Strategies for Managing Web Security Risk


Internet Security 2010

  • Internet security requirements for 2010 and 2011 present huge IT risk assessment challenges for our clients, and we help them meet those challenges. ERE IT risk security auditors provide top-down risk analysis to identify security, privacy, and compliance risks and translate them into business costs. We identify and correlate threats and compliance violations and calculate risk with textbook industry-standard methodology:
    • STRIDE and DREAD risk assessment.
    • ROSI (Return on Security Investment).
    • Annual loss expectancy and residual risk.
  • We show clients how to estimate costs of potential legal liabilities and how to incorporate them into the IT Governance process.
  • We provide analysis tools for using cyber security auditing to manage risk.
  • Each IT security compliance audit comes with a pro-forma business case for implementing our recommendations.
  • Ron Lepofsky, our president, has published several articles on IT risk management:


IT Security Compliance Audit

Our IT security compliance audit service correlates network security risks with the audit points of any applicable compliance standard. We act as risk security auditors by associating both a business risk and a technical risk with each security vulnerability.

  • We correlate security and privacy risks we identify with industry standards and regulations.
  • We triage and rate each risk to prioritize remediation steps.
  • We create a pro-forma business case to cost-justify all the recommendations within our IT Security Compliance Audit.
  • We provide many types of web security related audits, including privacy compliance audits, IT SOX audits and other financial regulatory compliance audits, NERC CIP audits, and compliance with industry standards such as COBIT.

IT Security Governance Consulting

Corporate Overview

  • Our sole business is providing IT security / privacy services: IT security compliance audit, privacy audit, risk analysis, and consulting.
  • Clients: asset managers, electrical utilities, financial / mortgage managers, software developers, real estate managers
  • More details in the Corporate Information page.

Contact Us Right Up Front

Let us help you budget for your next audit. ERE risk security auditors can help you find and eliminate your security risks. Contact us and we'll help you scope the right-sized audit for your organization.


Contact Us

905 764 3246

  Budgetary Price Quote
  10 minute scope definition call
  ROI Calculation for your next Audit 
  Sanitized Statement of Work
  Sanitized Audit Report
  Product Literature  
  White Papers and Published Articles
  Please see Ron Lepofsky’s book, The Manager’s Guide to Web Application Security, published by Apress Media.

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Copyrights © 2007-2008. All rights reserved.  
