Security Assessments

Comprehensive Security Assessment

ERM offers comprehensive security assessment services that address IT security risks on an enterprise-wide basis. Our services identify the critical gaps in your information security architecture that prevent you from achieving your information security goals and objectives. Our assessment approach considers the people, processes, systems, and third-party service providers that support and deliver information technology services to your organization.

Network Security – Penetration and Vulnerability Testing Services

ERM offers penetration testing and vulnerability assessments of the following systems and processes:

  • Internal network – internally facing routers, firewalls, servers, and other network devices
  • External network – externally facing routers, firewalls, servers, and other network devices
  • Web applications – applications that are accessible via the web
  • Wireless connectivity – connections facilitating wireless access
  • Mobile applications, devices, and infrastructure – the technologies supporting mobile access
  • Social engineering – the psychological manipulation of people so that they perform certain actions or divulge confidential information

Data Breach and Leak Prevention Services

ERM offers data breach and leak prevention assessment services. Our assessment approach examines both intentional and unintentional release of information to an untrusted environment.

Regulatory Compliance Services

ERM can help your organization meet the security, confidentiality, availability and privacy requirements of one or more regulations. We offer a modular approach based upon your needs, consisting of one or more of the following components:

  • The performance of a gap analysis that results in a roadmap to achieve compliance.
  • The performance of a risk assessment that identifies risks and analyzes threats, vulnerabilities and existing mitigation strategies.

ERM has the expertise and experience with respect to a broad range of regulations, standards and frameworks:

    • GLBA
    • FACTA
    • BSA/AML
    • FISMA
    • HIPAA
    • HITECH
    • PCI DSS (ASV Scans, QSA Audits)
    • FERPA
    • SOX
    • ISO 27001
    • NIST
    • COBIT
    • ITIL
    • ERM Framework
    • FFIEC Cyber Security Assessment

Security Foundation Services

ERM offers security foundation assessment services to ensure that your existing plan and safeguards in place for managing security risk are relevant and sufficient. Your foundation is defined by how you manage, protect, and distribute information through appropriate policies, procedures, and safeguards. ERM can also design a tailored plan that is directly aligned with your current or proposed information security architecture. Our security foundation assessment services include:

  • Information Security Program and Plan
  • Incident Response Plan
  • Disaster Recovery and Business Continuity Plan
  • Security Awareness Program
  • Cybersecurity Program
  • Vendor Management Program
  • Monitoring and Logging Program

Security Baseline Assessments

ERM offers a number of security assessments that determine whether systems and data are protected from unauthorized access, use, disclosure, disruption, modification, or destruction. Our baseline approach evaluates the configuration of hardware and software from a technical perspective, as well as the processes and people supporting these systems. ERM provides security baseline assessments over the following:

  • Infrastructure Security
  • Application Security
  • Physical Security
  • SCADA Security
  • Mobile Device Security
  • Cybersecurity

Other Information Assurance Services

ERM offers other assurance services that are often a key component of your organization’s IT governance and oversight responsibilities. These services will help you fulfill the requirements of both internal and external stakeholders and include:

  • IT Audits
  • Service Provider SOC 1, 2, and 3 Attestations
  • IT Governance Assessments
  • IT Risk Management
  • Privacy Assessments