If you are considering purchasing information security advisory services for your business, you need to know what to look for in a security advisor. First, you need to find out an appropriate professional security consultancy firm and check if they are certified.
Image Source: Google
The verification certificate is as follows:
For intrusion testers: CREST (Registered Ethical Security Examination Board) or Tiger Scheme. Alternatively, a UK company providing information security consulting services to government agencies could become a member of the UK Government Healthcare IT Scheme (CHECK).
For security advisory services focused on auditing and compliance: CISA (Certified Information Systems Auditor) plus membership in ISACA (Association for Information Security Auditing and Compliance). Alternatively, hiring members of an organization such as the BCS (formerly known as the British Computer Society) can provide evidence of relevant experience.
An information security consultant may have received a CISM (Certified Information Security Manager) qualification from ISACA or perhaps a new CGEIT (Enterprise IT Management Certification) certification from the same institution. Another ISACA qualification is CRISC (certified in risk control and information systems). All of these certificates are associated with distinct accents in consulting services for information security.
The CISSP (Certified Information Systems Security Professional) qualification is generally considered the "gold standard" for high-level specialists in this field and is awarded by (ISC) 2, the International Consortium for Information Systems Security Certification. This demonstrates not only competence but also years of experience in information security.
However, membership and certification is not the whole story. If you are considering purchasing an information security consulting service, you should review the records and testimonials from previous customers. In addition, the security advisor website can be useful, although errors are certainly not obvious there.