If you’re considering buying information security consulting services for your company, then you need to know what to look for in a security consultant.
Sooner or later, many managers or directors will have to consider buying such a service for their company. There are a great many firms and individuals to choose from, and it can be difficult to assess their relative merits, especially if you have had little experience with information security. But there are some general pointers that may help.
Firstly, you should find out whether the services are backed by membership of relevant professional bodies and by appropriate certifications. For example, in the UK, an information security consultant might be a member of CLAS (CESG Listed Advisor Scheme), which is run by a government body, CESG (Communications-Electronics Security Group), the UK Government’s technical authority on information security.
CLAS membership implies that the security consulting services provided are approved for data that is protectively marked up to and including the level of SECRET. CLAS membership also indicates a level of expertise that non-Government organisations can draw upon, even when their data is not protectively marked. In the latter case, however, CLAS membership should not be specified as a requirement in any tender documents, as it could leave the tender open to challenge by non-CLAS security consultants.
Other memberships and certifications to check for are these:
For penetration testers: either CREST (Council of Registered Ethical Security Testers) or the Tiger Scheme. Alternatively, a British company offering information security consulting services to government departments might be a member of CHECK (a UK Government scheme for IT “Health Checks”).
For security consulting services that focus on audit and compliance: CISA (Certified Information Systems Auditor) plus membership of ISACA (Information Security Audit and Compliance Association). Alternatively, chartered membership of an organisation such as the BCS (formerly the British Computer Society) can also indicate appropriate experience.
An information security consultant might also have obtained the CISM (Certified Information Security Manager) qualification from ISACA, or possibly the newer CGEIT certification (Certified in the Governance of Enterprise IT) from the same body. Another ISACA qualification is CRISC (Certified in Risk and Information Systems Control). All of these certificates relate to information security consulting services, each with a different emphasis.
The CISSP (Certified Information Systems Security Professional) qualification is widely regarded as a “gold standard” for senior professionals in the field, and is awarded by (ISC)², the International Information Systems Security Certification Consortium. It indicates not only competence but also a substantial period of experience in information security.
However, memberships and certifications are by no means the whole story. If you are considering buying information security consulting services, you should also check the consultancy’s track record and testimonials from past clients. The security consultant’s website may also be useful, though of course any failings will not be made obvious there.
To learn more about a consultancy’s financial standing, it may help to check with the company information service Dun and Bradstreet, or with Companies House (in the UK). But after carrying out all of these checks, there is no substitute for a face-to-face meeting and your own informed business judgement. In the end, only you can decide whether you would be happy to work with the people who are offering you their security advice and services.