ERE Information Security Auditors

IT Security Governance

ERE assists clients in creating an IT security governance framework. Often neglected but critically useful to members of IT security operations, IT operations, and compliance, IT security governance is difficult, costly, and time-consuming to implement. We make the process simpler and less painful.

The practical result or conclusion of governance should be:

  • Effective internal controls.
  • An efficient mechanism for granting sufficient budget for IT security, privacy, and regulatory compliance as it relates to security and privacy.
  • Ongoing process risk assessments and BIA, in order to feed the mechanism for granting sufficient budget.
  • At the very least an IT security governance framework.
  • Information assurance to executives for due care.


  • ERE risk assessments are straightforward, textbook methodologies based upon industry standards, including NIST, DREAD and ROSI.
  • ERE security, privacy, and standards / regulatory compliance audits recommend specific internal controls.
  • A pro-forma ROSI business case is built into every ERE compliance audit, specifically for the benefit of IT security operations, IT operations, and compliance groups.
  • ERE drills down to the essential IT security governance requirements of each client individually, helps prioritize needs by impact / risk, and authors a "living" IT security governance framework – a framework designed for client updates / modification.
  • A simple process of providing information assurance for the board is designed into our IT security governance framework.

IT Security Micro – Governance

  • ERE has created a streamlined methodology for assisting:
      • IT security implementers to get the budgets they require with risk assessments and compliance audits.
      • Compliance managers to measure results and justify their budgets by measuring the effectiveness of internal controls.
      • Executives to gain assurance that they are providing due care.
  • Identify the important goal of aligning GRC – governance, risk management, and compliance.
  • Please see the article published by Ron Lepofsky entitled "IT Security Micro Governance".



Contact Us

905 764 3246

Please see Ron Lepofsky's book, The Manager's Guide to Web Application Security, published by Apress Media.

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Copyrights © 2007-2008. All rights reserved.  
