ERE Information Security Auditors
Home | Site Map | Contact Us |  Resource Center
list of IT security and compliance audit steps
ERE Differentiators from other vendors

IT Security Operations Audit

ERE has identified that lack of adherence to policy is a pivotal and ubiquitous security problem.  The fundamental step to deal with policy violations is to investigate the processes and procedures followed by:

  • IT operations.
  • Security operations.
  • The validity of IT security related documentation.

ERE requests a copy of the following client documentation, where available, for our review:

  • The corporate security policy.
  • A copy of any specific policies, such as Incident Response Policy, Disaster Recovery Plan.
  • Documentation of the corporate security process.
  • Employee security training documentation and instructions.
  • A copy of the security log (a written digest of prior security problems.)
  • A copy of the network diagram.
  • A copy of the rule base for all firewalls and VPNs.
  • Any other relevant documentation.

An ERE security expert then conducts on-site interviews with the key members of the client’s IT and security staff.  The goals for the interview are to:

  • Review all the documentation, and ensure ERE has a clear understanding of their intent and to whom they apply.
  • Gain an understanding of problem areas with regard to operations and security.
  • Review the network architecture from a security perspective, and ensure ERE has a clear understanding of security operations with respect to the intent of the design.
  • Get a clear understanding of any current security problems or concerns.
  • Understand the design goals of the current network architecture.
  • Understand the planned network changes to occur over the ensuing 6 – 12 month period.
  • Conduct a tour of the Location technology room, accompanied by the IT team.
  • Compare, at a large scale, the network diagram with the actual deployment, and gain an understanding of the reasons for any differences.

The process audit also may involve components of other audits, including:


Contact Us

905 764 3246

  Budgetary Price Quote
  10 minute scope definition call
  ROI Calculation for your next Audit 
  Sanitized Statement of Work
  Sanitized Audit Report
  Product Literature  
  White Papers and Published Articles
  Please see Ron Lepofsky’s book,
The Manager’s Guide to Web Application Security,
published by Apress Media

The Manager's Guide to Web Application Security is a concise, information-packed guide to application security risks every organization faces, written in plain language, with guidance on how to deal with those issues quickly and effectively.

Home | Technology Audits | Compliance Audits | Process Audits | Doc Audit/Authorship| | 7x24 Monitoring | Knowledge Transfer
ERE Differentiators | About Us | Site map | Contact Us | |   | Resource Center
Copyrights © 2007-2008. All rights reserved.  

   AddThis Social Bookmark Button