About Spohn Consulting
Nearly every company today, large or small, relies on computer systems, applications, and networks to run its business. Security controls are put in place to manage threats to those systems, the information they hold, and the facilities that house them, and to ensure an acceptable level of confidentiality, integrity, and availability (CIA).
- How much security is enough?
- How do you know if your security solutions are working properly?
- Where are your weaknesses?
- What commercially reasonable improvements can be made to prevent loss to your organization?
- What will you do in the case of an event?
Spohn's Security Consulting Services use proven methodologies to help your organization manage risk and demonstrate due diligence. This is accomplished through in-depth assessments, industry- and company-specific security recommendations, and assistance with the design, implementation and training for security solutions.
We utilize certified and highly experienced security engineers, processes and tools to help you analyze your network, discover gaps, remedy problems and plan for business continuity.
Staff Certifications
Spohn Consulting deploys experienced and certified security engineers using proven tools and processes to assess physical, technical, organizational and administrative security controls, including policies, plans and procedures, against industry security standards, best practices and your internal requirements.
Our certifications along with information about each are listed here:

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium (commonly known as (ISC)²). The CISSP curriculum covers a broad range of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (CBK). The CISSP CBK is fundamentally based on the CIA triad of confidentiality, integrity and availability, and balances the three across ten areas of interest, called domains. The ten domains are Access Control, Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance, and Investigations, Operations Security, Physical Security, Security Architecture and Design, and Telecommunications and Network Security.
http://www.isc2.org/cissp/default.aspx

Systems Security Certified Practitioner (SSCP) is a vendor-neutral information security certification governed by the non-profit International Information Systems Security Certification Consortium (commonly known as (ISC)²). The SSCP common body of knowledge covers a wide range of information security topics. The SSCP examination is based on seven domains taken from the (ISC)² Common Body of Knowledge (CBK), which is generally accepted as a compendium of industry best practices for information security. The domains covered by the SSCP CBK are: Access Controls, Security Operations and Administration, Analysis and Monitoring, Cryptography, Networks and Telecommunications, Malicious Code/Malware, and Risk, Response, and Recovery.
http://www.isc2.org/sscp/default.aspx

The Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council on individuals who meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of an approved PCI security and auditing firm, and will be performing PCI compliance assessments of the protection of cardholder data. The primary role of an individual holding the PCI QSA certification is to assess a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS). Auditing and reporting requirements vary by merchant or service provider level, but the twelve high-level control objectives of the PCI DSS, together with their sub-requirements, must be met either directly or through a compensating control.
https://www.pcisecuritystandards.org/

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain PCI DSS requirements by performing external vulnerability scans of the Internet-facing environments of merchants and service providers. This designation is conferred by the PCI Security Standards Council.
https://www.pcisecuritystandards.org/
Certified Information Systems Auditor (CISA) is an audit professional certification sponsored by the Information Systems Audit and Control Association (ISACA). The CISA requires each individual to have knowledge of six IS audit, control and security areas: the IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protection of information assets, and business continuity and disaster recovery.

The Certified Business Continuity Professional (CBCP) is a business continuity certification sponsored by DRI International (DRII). The certification is reserved for individuals who have demonstrated enterprise-wide knowledge and skill in the business continuity/disaster recovery industry.
The ISO 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard. This certification is provided mainly by two certification bodies, the International Register of Certificated Auditors (IRCA) and the Registrar Accreditation Board - Quality Society of Australasia (RABQSA International).