Staff Certifications
Spohn Consulting deploys experienced and certified security engineers who use proven tools and processes to assess physical, technical, organizational and administrative security controls, including policies, plans and procedures, against industry security standards, best practices and your internal requirements.
Our certifications along with information about each are listed here:

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium (commonly known as (ISC)²). The CISSP curriculum covers a variety of information security topics. The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (CBK). The CISSP CBK is fundamentally based on the CIA triad (confidentiality, integrity and availability) and attempts to balance the three across ten areas of interest, also called domains. The ten domains are Access Control, Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance and Investigations, Operations Security, Physical Security, Security Architecture and Design, and Telecommunications and Network Security.
http://www.isc2.org/cissp/default.aspx
Systems Security Certified Practitioner (SSCP) is a vendor-neutral information security certification governed by the non-profit International Information Systems Security Certification Consortium (commonly known as (ISC)²). The SSCP common body of knowledge covers a wide range of information security topics. The SSCP examination is based on seven domains taken from the (ISC)² Common Body of Knowledge (CBK), which are generally accepted as a compendium of industry best practices for information security. The domains covered by the SSCP CBK are: Access Controls, Security Operations and Administration, Analysis and Monitoring, Cryptography, Networks and Telecommunications, Malicious Code/Malware, and Risk, Response, and Recovery.
http://www.isc2.org/sscp/default.aspx

The Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council on individuals who meet specific information security education requirements, have completed the appropriate training from the PCI Security Standards Council, are employees of an approved PCI security and auditing firm, and will be performing PCI compliance audits relating to the protection of credit card data. The primary role of an individual holding the PCI QSA certification is to assess a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS). Auditing and reporting requirements differ by level, but the twelve high-level control objectives of the PCI Data Security Standard, and their corresponding sub-requirements, must be met either directly or through a compensating control.
https://www.pcisecuritystandards.org/
Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain PCI DSS requirements by performing vulnerability scans of the Internet-facing environments of merchants and service providers. This designation is conferred by the PCI Security Standards Council.
https://www.pcisecuritystandards.org/
Certified Information Systems Auditor (CISA) is an audit professional certification sponsored by the Information Systems Audit and Control Association (ISACA). The CISA requires each individual to have knowledge of six IS audit, control and security areas. These areas include the IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protection of information assets, and business continuity and disaster recovery.
The Certified Business Continuity Professional (CBCP) is a business continuity certification sponsored by DRI International (DRII). The certification is reserved for individuals who have demonstrated enterprise-wide knowledge and skill in the business continuity/disaster recovery industry.
The ISO 27001 Lead Auditor certification is a professional certification for auditors specializing in information security management systems (ISMS) based on the ISO/IEC 27001 standard. This certification is provided mainly by two certification bodies, the International Register of Certificated Auditors (IRCA) and the Registrar Accreditation Board – Quality Society of Australasia (RABQSA International).