Please read in conjunction with our other pages dedicated to professional security services

 

CISSP - Certified Information Systems Security Professional

 


 

CISSP is an independent information security certification governed by the International Information Systems Security Certification Consortium, commonly known as (ISC)². CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. CISSP certification is not only an objective measure of excellence, but a globally recognized standard of achievement.

In June 2008, (ISC)² reported certifying 58,080 information security professionals in more than 130 countries. Crucially, both IBM and Microsoft recognise and value this accreditation.

As the premier achievement in the field of information security, earning CISSP certification provides information security strategists with not only an objective measure of competence, but global recognition of achievement. (ISC)² has developed its Common Book of Knowledge (CBK), the fundamental information security and assurance requirements being confidentiality, integrity and availability. Expertise is offered in the following areas:

 

  • Access Control
      • Categories and Controls
      • Control Threats and Measures
  • Application Security
      • Software Based Controls
      • Software Development Lifecycle and Principles
  • Business Continuity / Disaster Recovery Planning
      • Response and Recovery Plans
      • Restoration Activities
  • Cryptography
      • Basic Concepts and Algorithms
      • Signatures and Certification
      • Cryptanalysis
  • Information Security
      • Policies, Standards, Guidelines and Procedures
      • Risk Management Tools and Practices
      • Planning and Organisation
  • Legal, Compliance and Investigations
      • Major Legal Systems
      • Common and Civil Law
      • Regulations, Laws and Information Security
  • Operations Security
      • Media, Backups and Change Control Management
      • Controls Categories
  • Physical (Environmental) Security
      • Layered Physical Defense and Entry Points
      • Site Location Principles
  • Security Architecture and Design
      • Principles and Benefits
      • Trusted Systems and Computing Base
      • System and Enterprise Architecture
  • Telecommunications and Network Security
      • Network Security Concepts and Risks
      • Business Goals and Network Security

International Information Systems Security Certification Consortium - (ISC)² CISSP accreditation brings a wealth of experience to help customers address security concerns in terms of creating security policies, whether from scratch or, alternatively, reviewing and amending existing ones.

By its nature, the role of the CISSP is consultative, and CVSI is unique in being able to take recommendations to the next level by using our own Licensed Penetration Tester to exploit potential vulnerabilities.

Many companies should offer CISSP consultative services that result in recommendations of non-specific equipment remedies, in keeping with the (ISC)² "Code of Conduct". Where CVSI is unique in this respect is in our ability to combine consultations with Licensed Penetration Testing of company security policies, providing a clear, concise picture of the security posture of a company.

CVSI is vendor neutral and any hardware product recommended following a "Penetration Test", where deemed appropriate, will be based upon Risk Assessment and not commercial interest. Our belief is that security is a bespoke solution, not an off-the-shelf product.

Please visit our other security web pages, which outline additional services covering ethical hacking, security analysis and penetration testing.
