Orvin Lau, the principal consultant of Orvin Consulting Inc. holds the following certifications:

CISSP logo

Certified Information Systems Security Professional (CISSP®) – The CISSP is an internationally recognized credential in information security.  It is held by information security professionals who develop policies, standards, and procedures as well as manage implementations across the enterprise.  A major point that sets the CISSP apart from other security certifications is the breadth of information security knowledge and experience necessary to pass the exam.

More information on the CISSP is available through the following websites:

Certified Information Security Manager (CISM®) – The CISM certification program is developed specifically for experienced information security managers and those who have information security management responsibilities.  Unlike other security certifications, CISM is for the individual who manages, designs, oversees and assesses an enterprise′s information security.

More information on the CISM is available through the following websites:

SABSA logo

SABSA Chartered Architect at Foundation Level (SCF) – SABSA, the Sherwood Applied Business Security Architecture, is a proven framework and methodology for Enterprise Security Architecture and Service Management used successfully by numerous organizations around the world. The SABSA Certification Framework is a comprehensive, competencies-based testing program that tests professional proficiency in all aspects of enterprise security as delivered by the SABSA method.

More information on SABSA is available through the following websites:

Certified in Risk and Information Systems Control (CRISC™) – The CRISC designation certifies professionals who have knowledge and experience in identifying and evaluating risk and in designing, implementing, monitoring and maintaining risk-based, efficient and effective information system controls.

More information on the CRISC is available through the following websites:

CPISM security manager logo

Certified Payment Industry Security Manager (CPISM) – The Certified Payment Industry Security Manager (CPISM) is the de facto certification for payment security professionals.  It is directed towards those individuals involved in data security compliance projects in the Payments Industry.  The material assessed is crucial for project managers, compliance and risk managers, as well as for more technical staff in the Payment Card Security Industry.

More information on the CPISM is available through the following websites:

The difference between the CPISM and a PCI Qualified Security Assessor (QSA) can be found here: