Who can protect us?
Education for cloud security professionals
Leonardo Goldim
CEO, IT2S Group
Overview
New Technologies, New Models
• Virtualization
• Cloud Computing
• BYO*
• Big Data
• IoT
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Cloud Computing Concerns
• Security
• Privacy
• Compliance
2015 (ISC)² Global Information Security
Workforce Study
• ~ 14,000 information security professionals: cloud security is a
priority for organizations
• 73%: information security professionals must develop new skills
• 70%: cloud security certification programs are relevant
Who is able to protect us?
Industry Needs
• Professionals who understand and can apply effective security
measures to cloud environments
• A reliable indicator of overall competency in cloud security
• Roadmap and career path into cloud security
• Common global understanding of professional knowledge and best
practices in the design, implementation and management of cloud
computing systems.
Security Professionals Needs
• Specialized skills required
• Qualified professionals help organizations take advantage of cloud services
• Growing adoption of cloud increases the demand for security
professionals
• Cloud expertise moves from “nice to have” to “must have”
Required Skills For Cloud
• Applying security (general foundational understanding still
needed)
• Understanding cloud security guidelines and reference
architectures
• Knowing compliance issues
• Enhancing technical knowledge
• Specifying contractual obligations and requirements related to
security
(ISC)² and CSA
• CSA
– Individual (CCSK) and organizational (STAR) certifications
– Actively writing ISO standards for cloud security
– 400+ member organizations around the world
– Significant SME pool
– Common Book of Knowledge
– Ability to reach endorsement on a company-wide level with member organizations
• (ISC)²
– Individual (CISSP, SSCP, CSSLP etc.) certifications
– Actively involved with ISO on 27xxx
– 100,000+ members globally
– ISO/IEC 17024 accreditation
– DOD mandate
– Significant SME pool
– Common Bodies of Knowledge
Working Together
• Power of two global, industry-leading non-profit associations
• Stewards for the cloud security and information security profession
• Corporate cloud thought leaders
• Organizations that reinforce professionals’ ability and experience to audit, assess,
and secure cloud infrastructures
• Building on existing certifications from both organizations
• Ensures CCSP reflects the most current and comprehensive best practices for
securing & optimizing cloud computing environments
• Establishes a globally accepted benchmark for confirming professional
competency in cloud security
• Industry expert research and opportunities for continuing education
CCSK
(Certificate of Cloud Security Knowledge)
Development
• Certification Board
– Ariel Litvin
– Ben Katsumi
– Carlos Saiz
– Christofer Hoff
– Craig Balding
– Gerhard Eschelbeck
– Gianluca D’Antonio
– Hadass Harel
– Jim Reavis
– Joshua Davis
– Keith Prabhu
– Leonardo Goldim
– Peter Gregory
– Peter Kunz
– Randy Barr
– Rich Mogull
Candidates
• Suitable for a wide variety of professions that must be concerned with
cloud computing:
• IT Professionals
• Security Professionals
• Auditors
• Compliance
• Managers
• Non-IT Professionals
Value for Candidates
• Validate your competence gained through experience in cloud
security
• Demonstrate your technical knowledge, skills, and abilities to
effectively develop a holistic cloud security program relative to
globally accepted standards
• Differentiate yourself from other candidates for desirable
employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking
and ideas exchange with peers
Value for Organizations
• Protect against threats with qualified professionals who have the
expertise to competently design, build, and maintain a secure cloud
business environment
• Increase your confidence that candidates are qualified and committed
to cloud security
• Ensure practitioners use a universal language, circumventing
ambiguity with industry-accepted cloud security terms and practices
• Increase organizations’ credibility when working with constituents
Requirements and Domains
• CSA Guidance
• ENISA report “Cloud Computing: Benefits, Risks and
Recommendations for Information Security”
CSA Guidance Domains
– Cloud Computing Architectural Framework
– Governance and Enterprise Risk Management
– Legal Issues
– Compliance and Audit Management
– Information Management and Data Security
– Interoperability and Portability
– Business Continuity and Disaster Recovery
– Data Center Operations
– Incident Response
– Application Security
– Encryption and Key Management
– IAM
– Virtualization
– Security as a Service
Exam
• 90 minutes
• 60 questions
• US$ 345
• Web based
• Does not expire
CCSP
(Certified Cloud Security Professional)
Development
• Job Task Analysis (JTA)
• Subject Matter Experts (SMEs)
• (ISC)², CSA, Industry
• Asia-Pacific, Europe, Middle East, Brazil, US
Candidates
• IT, IT Security, Compliance:
– Enterprise Architect
– Security Administrator
– Systems Engineer
– Security Architect
– Security Consultant
– Security Engineer
– Security Manager
– Systems Architect
Target Organizations
• Employers will be crucial to driving adoption of the credential among
appropriate employees and job seekers.
• Cloud “thought leaders” (including those attempting to be leaders) who are
trying to promote their position in the cloud market could be influential in
driving demand for CCSP.
• Target employers include:
• Cloud Service Providers: they know the challenges; value competency;
• Information Security Consultants;
• IT Integrators and Consultants;
• Software Companies.
• Government agencies, grappling with migrations to cloud services, should value
the competence reflected by CCSP
Value for Candidates
• Demonstrates not just cloud knowledge but competence gained
through hands-on experience in addressing the unique information
security demands intrinsic to cloud environments
• Affirms commitment to understanding and applying security best
practices to cloud environments – today and in the future
• Enhances credibility and marketability for the most desirable cloud
security opportunities; bolsters standing and provides a career
differentiator
• As a member of (ISC)², CCSPs gain access to valuable career
resources, such as networking and ideas exchange with peers
Value for Organizations
• Secures and optimizes the organization’s use of cloud computing with qualified
professionals who’ve demonstrated cloud security competence
• Ensures the organization is applying the proper cloud security controls
internally and with 3rd parties by reinforcing risk and legal requirements
through cloud contracts and SLAs with cloud service providers
• Backed by the two leading stewards of information and cloud security
knowledge – (ISC)² & CSA – organizations can be confident it reflects the
most current required best practices and competency
• Increases organizational integrity in the eyes of clients and other
stakeholders
• Ensures work teams stay current on evolving cloud technologies, threats and
mitigation strategies by meeting the continuing professional education
requirements
Requirements and Domains
• 5 years working experience
• 3 years must be in information security
• 1 year in one CBK domain
• CCSK can be substituted for 1 year experience in CBK domain
• CISSP can be substituted for entire experience requirement
Requirements and Domains
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform and Infrastructure Security
• Cloud Application Security
• Operations
• Legal and Compliance
Exam
• 4 hours
• 125 questions
• US$ 549
• PearsonVUE testing centers
Maintain
• 3-year cycle
• Annual Maintenance Fee (AMF) US$ 100
• 90 CPEs
• 30/year
• Can utilize CSA to satisfy CPE requirements
Compare
Complementary
• CCSP: deeper, advanced, experience-based cloud security knowledge
• CCSK: broad, foundational, baseline knowledge
CCSP x Others (ISC)² and CSA Programs
• CCSP complements existing credentials
• (ISC)² x CSA: complementary portfolio
• CSA: “Incubator of cloud best practices”
• Provide relevant opportunities for CPEs
CCSP x CCSK
• Professionals with heavy involvement: CCSK and CCSP
• CCSK indicator of broad-based knowledge
• CCSP intended for professionals more heavily involved
Questions?
leo@it2sgroup.com
Csa summit   who can protect us education for cloud security professionals

DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 

Csa summit who can protect us education for cloud security professionals

  • 2. Who can protect us? Education for cloud security professionals Leonardo Goldim CEO, IT2S Group
  • 4. New Technologies, New Models • Virtualization • Cloud Computing • BYO* • Big Data • IoT
  • 7. Cloud Computing Concerns • Security • Privacy • Compliance
  • 8. 2015 (ISC)² Global Information Security Workforce Study • ~ 14,000 information security professionals: cloud security is a priority for organizations • 73% - information security professionals must develop new skills • 70% - cloud security certification programs are relevant
  • 9. Who is able to protect us?
  • 10. Industry Needs • Professionals who understand and can apply effective security measures to cloud environments • A reliable indicator of overall competency in cloud security • Roadmap and career path into cloud security • Common global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems.
  • 11. Security Professionals' Needs • Specialized skills required • Qualified professionals help organizations take advantage of cloud services • Growing adoption of cloud increases the demand for security professionals • Cloud expertise moves from “nice to have” to “must have”
  • 12. Required Skills For Cloud • Applying security (general foundational understanding still needed) • Understanding cloud security guidelines and reference architectures • Knowing compliance issues • Enhancing technical knowledge • Specifying contractual obligations and requirements related to security
  • 14. (ISC)² and CSA • CSA • Individual (CCSK) and organizational (STAR) certifications • Actively writing ISO standards for cloud security • 400+ member organizations around the world • Significant SME pool • Common Book of Knowledge • Ability to reach endorsement on a company-wide-level with member organizations • (ISC)2 • Individual (CISSP, SSCP, CSSLP etc.) certifications • Actively involved with ISO on 27xxx • 100,000+ members globally • ISO/IEC 17024 accreditation • DOD mandate • Significant SME pool • Common Bodies of Knowledge
  • 15. Working Together • Power of two global, industry-leading non-profit associations • Stewards for the cloud security and information security profession • Corporate cloud thought leaders • Organizations that reinforce professionals’ ability and experience to audit, assess, and secure cloud infrastructures • Building on existing certifications from both organizations • Ensures CCSP reflects the most current and comprehensive best practices for securing & optimizing cloud computing environments • Establishes a globally accepted benchmark for confirming professional competency in cloud security • Industry expert research and opportunities for continuing education
  • 16. CCSK (Certificate of Cloud Security Knowledge)
  • 17. Development • Certification Board – Ariel Litvin – Ben Katsumi – Carlos Saiz – Christofer Hoff – Craig Balding – Gerhard Eschelbeck – Gianluca D’Antonio – Hadass Harel – Jim Reavis – Joshua Davis – Keith Prabhu – Leonardo Goldim – Peter Gregory – Peter Kunz – Randy Barr – Rich Mogull
  • 18. Candidates • Suitable for a wide variety of professions that must be concerned with cloud computing: • IT Professionals • Security Professionals • Auditors • Compliance • Managers • Non-IT Professionals
  • 19. Value for Candidates • Validate your competence gained through experience in cloud security • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards • Differentiate yourself from other candidates for desirable employment in the fast-growing cloud security market • Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
  • 20. Value for Organizations • Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environment • Increase your confidence that candidates are qualified and committed to cloud security • Ensure practitioners use a universal language, circumventing ambiguity with industry-accepted cloud security terms and practices • Increase organizations’ credibility when working with constituents
  • 21. Requirements and Domains • CSA Guidance • ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”
  • 22. CSA Guidance Domains – Cloud Computing Architectural Framework – Governance and Enterprise Risk Management – Legal Issues – Compliance and Audit Management – Information Management and Data Security – Interoperability and Portability – Business Continuity and Disaster Recovery – Data Center Operations – Incident Response – Application Security – Encryption and Key Management – IAM – Virtualization – Security as a Service
  • 23. Exam • 90 minutes • 60 questions • US$ 345 • Web based • Does not expire
  • 25. Development • Job Task Analysis (JTA) • Subject Matter Experts (SMEs) • (ISC)², CSA, Industry • Asia-Pacific, Europe, Middle East, Brazil, US
  • 26. Candidates • IT, IT Security, Compliance: – Enterprise Architect – Security Administrator – Systems Engineer – Security Architect – Security Consultant – Security Engineer – Security Manager – Systems Architect
  • 27. Target Organizations • Employers will be crucial to driving adoption of the credential among appropriate employees and job seekers. • Cloud “thought leaders” (including those attempting to be leaders) who are trying to promote their position in the cloud market could be influential in driving demand for CCSP. • Target employers include: • Cloud Service Providers: they know the challenges; value competency; • Information Security Consultants; • IT Integrators and Consultants; • Software Companies. • Government agencies, grappling with migrations to cloud services, should value the competence reflected by CCSP
  • 28. Value for Candidates • Demonstrates not just cloud knowledge but competence gained through hands-on experience in addressing the unique information security demands intrinsic to cloud environments • Affirms commitment to understanding and applying security best practices to cloud environments – today and in the future • Enhances credibility and marketability for the most desirable cloud security opportunities; bolsters standing and provides a career differentiator • As a member of (ISC)2, CCSPs gain access to valuable career resources, such as networking and ideas exchange with peers
  • 29. Value for Organizations • Secures and optimizes the organization’s use of cloud computing with qualified professionals who’ve demonstrated cloud security competence • Ensures the organization is applying the proper cloud security controls internally and with 3rd parties by reinforcing risk and legal requirements through cloud contracts and SLAs with cloud service providers • Backed by the two leading stewards of information and cloud security knowledge – (ISC)² & CSA – organizations can be confident it reflects the most current required best practices and competency • Increases organizational integrity in the eyes of clients and other stakeholders • Ensures work teams stay current on evolving cloud technologies, threats and mitigation strategies by meeting the continuing professional education requirements
  • 30. Requirements and Domains • 5 years working experience • 3 years must be in information security • 1 year in one CBK domain • CCSK can be substituted for 1 year experience in CBK domain • CISSP can be substituted for entire experience requirement
  • 31. Requirements and Domains • Architectural Concepts & Design Requirements • Cloud Data Security • Cloud Platform and Infrastructure Security • Cloud Application Security • Operations • Legal and Compliance
  • 32. Exam • 4 hours • 125 questions • US$ 549 • PearsonVUE testing centers
  • 33. Maintain • 3-year cycle • Annual Maintenance Fee (AMF) US$ 100 • 90 CPEs • 30/year • Can utilize CSA to satisfy CPE requirements
  • 36. CCSP x Other (ISC)² and CSA Programs • CCSP complements existing credentials • (ISC)² x CSA: complementary portfolio • CSA: “Incubator of cloud best practices” • Provide relevant opportunities for CPEs
  • 37. CCSP x CCSK • Professionals with heavy involvement: CCSK and CCSP • CCSK indicator of broad-based knowledge • CCSP intended for professionals more heavily involved

Editor's Notes

  1. Thank (ISC)² and CSA for the invitation and the opportunity; it is an honor to speak and take part in the launch of this new certification. The goal of the presentation is to get a few points across: Understand why a new certification was created; Understand the (ISC)² x CSA partnership; Get a better understanding of the CCSK certification; Get a better understanding of the CCSP certification; A comparison between the two
  2. A brief summary of the current landscape, to understand why a new certification is needed: drivers, market needs, etc.
  3. It is no news that technology evolves very quickly; in recent years, however, we have seen it evolve faster and faster. A few years ago we were talking about virtualization, a new technology that would revolutionize our datacenters, save space, reduce energy consumption, green IT, etc. In the blink of an eye this new technology evolved into a new model that truly revolutionized our relationship with IT: Cloud Computing emerged. Many factors are contributing to the rapid growth of, and changes in, the Cloud Computing market. This model offers many benefits for businesses and for consumers, most of them related to agility and cost. Just as Virtualization enabled Cloud Computing, Cloud Computing in turn made possible a series of revolutions that we are seeing today: BYO{D,K,*}: Cloud computing has allowed us to work anywhere, anytime, on any device. Many users began using their personal devices (smartphones, tablets, etc.) to access corporate email, the organization's systems, etc. A headache for any IT/information security professional. Big Data: lets us process an enormous amount of information, including in support of intelligence and security activities. Public cloud infrastructures are leading the use of Big Data, which feeds the demand for Cloud Computing. Big Data is currently available at lower prices thanks to reduced storage costs. IoT: perhaps the one with the greatest impact on the daily life of “ordinary” people; today we have practically everything connected: cars, mobile phones, refrigerators, guns, video games, ip{ad,hone,od}, sneakers (wearable technologies), etc. I like to say that, thanks to Cloud Computing, we are more and more connected today (often without even knowing it).
  4. Consequently, the more devices are connected, the more of our information is exposed on the internet. Attacks, system compromises, data leaks, etc. are increasingly frequent. In the past only our business information was available on our devices; today we put our lives on these devices (fitness apps and devices: watches that measure heart rate, hours of sleep, exercise, etc.; diet apps; social networks: Instagram, Facebook, Twitter, etc.; an app for cheating”?”; personal finance apps; starting and ending relationships). The “Information is Beautiful” site presents a chart of the largest data breach incidents, those involving more than 30,000 records. Well-known names such as Sony, US OPM, JP Morgan Chase, Ebay, Uber, UPS and Ashley Madison, among others, are some that appear on the list (some more than once in a short period of time).
  5. Two incidents from 2015 that are curious, to say the least: the first is the Jeep case, where security researchers managed to remotely compromise a car's system, taking control of brakes, steering, engine, etc. The researchers managed to drive the car into the wall of a parking lot; luckily the car was parked and nobody was hurt. The other incident is that of a precision rifle that connects to a computer to do the calculations for the shot, taking into account wind speed, distance to the target, target movement, etc. It was also compromised, making it possible to alter the variables used in the calculation and so hit the “wrong target”. My biggest question in this case is: why does a sniper need a computer to do these calculations? In 2015 we also had the case of a clinic that hired security researchers to assess the medical devices it used, all of which also failed. In short, incidents like these show that not only is our information inside organizations vulnerable, but so are we.
  6. As we can see around us, adopting Cloud Computing is no longer a question of if or when, but of how much. Cloud Computing is already a reality in our day-to-day lives and there is no going back. Microsoft likes to call Cloud Computing “a transformative model that will reduce costs, stimulate innovation and open up new jobs and skills around the world.” Does anyone disagree? Despite the growing adoption of Cloud Computing, security professionals (we) are concerned about data breaches and data loss, as well as other security risks. Security is still the biggest barrier when adopting Cloud Computing; 9 out of 10 organizations have concerns about public cloud security. But how do we ensure the security of such a peculiar environment with so many particularities? How do we ensure the security of an environment with a wide variety of devices? Does anyone know how to deploy a firewall in a car? Or in a rifle? Another concern is data privacy; one of CSA's projects (Top Threats) presents a report showing that data breaches and data loss are at the top of the list. Because Cloud Computing allows us to connect globally, compliance issues, such as the physical location of certain data, privacy laws, etc., are increasingly relevant.
  7. According to the study carried out by (ISC)², with approximately 14K professionals around the world, cloud computing is a priority for organizations and will continue to be in the coming years. Cloud computing was also identified as the main information security area with growing demand for education and training within the next 3 years. 70% of professionals believe a certification program would be relevant. 73% of the professionals who responded to the study said that security professionals will need to develop new skills.
  8. As we have seen, our landscape is changing and, as professionals, we need to adapt to these changes. We saw that new skills will be needed, but which ones? What will this new professional look like?
  9. The market needs a security professional who understands and can apply effective security measures in the cloud. And a way to assess this professional. Many organizations may not know enough about cloud computing security to understand what they need to improve. There are many differences in the security measures that need to be applied to the cloud, since current approaches are not sufficient. The CCSP was developed to be a reliable indicator of competence and knowledge in cloud computing security.
  10. Specialized cloud security skills will be needed to close the gap between increasing cloud adoption and high levels of security concern. Having people qualified to lead a thorough assessment process can help organizations responsibly get the most out of cloud services. The growing adoption of cloud services will increase demand for security professionals who can apply the appropriate security controls in public, private, community or hybrid cloud models. Cloud providers, organizations adopting cloud services and professional services firms that assist with management and implementation will need qualified professionals. As organizations replace traditional IT architecture with cloud, cloud expertise will move from “nice to have” to “must have”.
  11. Some of the skills expected of a cloud security professional are: A general understanding of security is still required, since some controls and concepts remain the same and only need to be adapted to a new model; To deploy controls effectively, one must understand the references and architectures of this new model, as well as the general cloud security guidance; Compliance issues are even more important in this model (as we saw earlier); The contract (with the service provider) is one of security's greatest allies in this model, so knowing how to specify contractual obligations and security-related requirements is essential
  12. To meet this market need, (ISC)² and CSA joined forces to develop a new certification for Cloud Computing Security. (ISC)² and the Cloud Security Alliance are world-renowned organizations, respected in the world of information security and cloud computing. They combined their expertise to bring to market an advanced, vendor-neutral professional cloud security certification. Both have extensive knowledge, developed by global professionals who work in cloud security. (ISC)²: There is demand among (ISC)² members, and in the information security market, for a global, vendor-neutral, advanced cloud security certification. Cloud computing has emerged as a critical topic that requires additional security considerations. (ISC)² recognizes that security must be addressed within cloud computing so that the model can continue to thrive. CSA: The Cloud Security Alliance (CSA) is a pioneering organization dedicated to defining and raising awareness of best practices to ensure a secure cloud environment. CSA draws on the knowledge of industry, associations, governments, companies and individual members to offer cloud-security-specific research, education, certification and events. CSA's activities, knowledge and broad network benefit the community as a whole, from providers to customers, governments and entrepreneurs, and provide a forum where diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed best practices for the industry, such as "Security Guidance for Critical Areas of Focus in Cloud Computing", "Cloud Controls Matrix", "Top Threats to Cloud Computing" and 50 other research works.
  13. The collaboration between the two entities provides a stronger voice for the profession and, together, allows them to lead as the principal trusted advisors for the future of the cloud security profession.
  14. Benefits of working together: The strength of two global industry leaders; CCSP developed on the basis of the existing certifications of both entities; Ensures that the CCSP reflects current best practices for cloud environment security; Establishes a globally accepted benchmark for assessing cloud security competence; Offers opportunities for continuing education
  15. Suitable for a wide variety of professions that must be concerned with cloud computing. Excellent baseline indicator of foundational cloud security knowledge.
  16. Target audience
  17. Target audience
  18. Target audience
  19. Target audience
  20. As with all its credentials, (ISC)² conducted a job task analysis (JTA) study to determine the scope and content of the CCSP credential program. Subject matter experts from the (ISC)² and CSA memberships, as well as other industry luminaries from organizations in Asia-Pacific, Europe, the Middle East, Brazil and the United States, attended several exam development workshops and contributed to developing the Common Body of Knowledge (CBK®) that serves as the foundation for the credential.
  21. Most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services. The CCSP is most appropriate for those well versed in IT and information security, with some experience in cloud computing. The ideal candidate will have experience in applying security concepts and controls to cloud environments. We expect CCSP professionals will come from a suite of IT, IT security and compliance positions, including: IT Architects – Systems Architects, Enterprise Architects, Security Architects and Web Solutions Architects should all find CCSP applicable and helpful to their careers. Web Security & Cloud Security Engineers should view the CCSP as a career-enhancing credential. IT Security Professionals, including CISSPs, with cloud experience: they should want to further their careers by positioning themselves as cloud security professionals. Governance, Risk & Compliance (GRC) professionals – those who meet the CCSP criteria will see value in the credential, given the importance of the risk and compliance aspects of cloud services. IT Auditors may see CCSP as a good way to further their careers as the world moves to the cloud. CCSP is designed for infosec professionals with at least 5 years…… The training was developed for cloud providers and cloud consumers.
  22. Cloud goes across all industries, all organizations – the move to the cloud is happening -- and employers will be crucial in driving adoption. Cloud service providers will be a good target, information security consultants, integrator consultants, software companies, government agencies.
  23. The CCSP will provide candidates with a widely recognized measure of their competency in cloud security, thereby providing valuable differentiation that promotes their cloud security knowledge, skills and experience and instills confidence among existing and prospective employers as well as the industry in general. CCSP is valuable to candidates because… Much like our other credentials -- it takes work to acquire, it reflects knowledge and experience… For candidates, it is a credential they can be proud of -- it should help them gain the job or career path they are looking for. Professionals will seek the CCSP to differentiate themselves among other security professionals.
  24. The CCSP provides employers with a reliable indicator of candidates’ overall competency in cloud security, thereby ensuring they put the right people in place who can leverage the benefits of cloud computing and possess the knowledge, skills and abilities needed to address the security and business issues associated with the complexities of cloud computing. The CCSP should simplify and improve the hiring process for both public and private sector organizations. CCSP is valuable to organizations because…. It provides a measure for competence, it increases organizational integrity in the eyes of customers and clients, and the certification requires the professional to stay current. Professionals who acquire the CCSP show commitment to the field -- employers know that CCSPs have invested their careers -- as well as time and money to acquire the credential.
  25. To attain CCSP, applicants must have a minimum of five years of cumulative, paid, full-time working experience in information technology, of which three years must be in information security and one year in one of the six CBK domains. Earning the Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) can be substituted for one year of experience in one of the six domains of the CCSP CBK. Earning the CISSP credential can be substituted for the entire CCSP experience requirement. As with all (ISC)² credentials, CCSP candidates must also subscribe to the (ISC)² Code of Ethics and be endorsed by an (ISC)² member in good standing.
  26. Its body of knowledge reflects the most current and comprehensive best practices for securing and optimizing cloud computing environments. The six domains: Architectural Concepts & Design Requirements; Cloud Data Security; Cloud Platform and Infrastructure Security; Cloud Application Security; Operations; Legal and Compliance.
  27. Exam candidates are given 4 hours to take the exam, which consists of 125 questions. Cost is US$549. Exam registration is available as of April 21, 2015. Candidates will be able to sit for the CCSP exam beginning July 21, 2015. Candidates can register to take the CCSP exam at PearsonVUE testing centers worldwide at http://www.pearsonvue.com/isc2/
  28. During their three-year certification cycle, CCSPs must pay Annual Maintenance Fees (AMFs) of US$100 per year, earn 90 CPEs, with a minimum of 30 each year. Associates of (ISC)² working toward the CCSP must pay US$35 AMFs and earn 15 CPEs each year. As part of (ISC)²’s and CSA’s collaboration, CCSP and other (ISC)² credential holders can utilize CSA’s education and training, research projects, events, working groups and other programs to stay abreast of cloud security best practices while helping to satisfy their CPE requirements.
  29. The two credentials do address some of the same educational topics, but from a different perspective. One performing a detailed review of the bodies of knowledge will discover that some learning objectives are reinforced and a broader understanding is gained. For example, the CCSK’s architecture domain teaches the widely adopted NIST cloud computing definition and the CSA layered cloud reference model. The CCSP teaches the new ISO/IEC 17788 cloud taxonomy standard. All of these definitions will be fundamental to the cloud for many years to come, and mastering these definitions enables a professional to be more fluent and competent in their job. There are also several areas where each credential provides unique knowledge, due to their own provenance and learning objectives. CCSP complements and builds upon existing credentials and educational programs, including (ISC)²’s Certified Information Systems Security Professional (CISSP®) and CSA’s Certificate of Cloud Security Knowledge (CCSK™). The program we have developed strong incentives for information security professionals to obtain both the CCSK and CCSP, which will help to create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.” CSA’s Certificate of Cloud Security Knowledge (CCSK) examination tests across a broad foundation of cloud security knowledge. The CCSK body of knowledge includes 14 domains and covers some unique and critical areas of knowledge, such as Security as a Service, which are not covered in other credentials. The CCSP credential builds upon many of the areas covered by CCSK in order to provide a deeper set of knowledge and competency derived from hands-on experience with information security and cloud computing. It validates practical know-how applicable to those professionals whose day-to-day responsibilities involve cloud security architecture, design, operations, and service orchestration.
As an advanced professional credential, CCSP also reflects more than the knowledge needed to pass an exam. It includes: a) exam and testing meeting ANSI requirements; b) legal commitment to code of ethics; c) endorsement from appropriate certified professionals; and d) commitment to continuing professional education – all of which demonstrate that CCSPs are qualified and committed to tackling the cloud security challenges of today and tomorrow. While there are other cloud-related certifications available, most are vendor-specific and relate to vendor technology and solutions. Those that include information security, do so nominally at a theoretical level. Both CCSP and CCSK are vendor-neutral and reflect overall industry best practices for securing cloud environments.
  30. The Certified Cloud Security Professional (CCSP) credential complements and builds upon the existing credentials and educational programs of both CSA and (ISC)². Both organizations provide a complementary portfolio of industry-leading certifications that validate a professional’s knowledge in the security of cloud computing systems. Because CSA is the agile group that quickly addresses changes in the cloud security landscape and is an “incubator of cloud best practices,” their research and working groups as well as their education and training programs can provide relevant opportunities for continuing education and CPEs for maintaining the CCSP. CCSP builds upon CSA’s efforts with CCSK: CCSK is an examination, CCSP provides a much needed credential for the cloud security profession; CCSP depth within key domains is complementary to CCSK’s breadth of coverage; CCSP adds to the credibility of the argument for more education for cloud security as a mainstream IT challenge. CSA will encourage CCSK + CCSP as a 2 step program: CSA encourages virtually all existing CCSKs to pursue CCSP; CCSK early adopters tend to have a high interest in cloud security, the target of CCSP; CSA creating CPE opportunities within our research targeted at CCSP; CSA training partners encouraged to partner with (ISC)². No brainer for CCSK holders to add CCSP: CCSK can be obtained quickly via self-study and online exam, saving training budget; CCSKs get largest discount for CCSP of any certification; CCSKs already have demonstrated knowledge, increasing likelihood of successful CCSP outcome; CCSK counts for one year of cloud security experience for CCSP. CCSK Plus and CCSP bundled training. CCSK Plus training: One day classroom instruction for exam preparation; Second day hands-on lab exercises to apply concepts (Amazon AWS or HP Helion) – Lab consistently gets extremely positive feedback.
  31. Professionals whose job requirements include a heavy involvement with cloud security should pursue both the CCSK and CCSP. The CCSK is an excellent indicator of broad-based cloud security knowledge. It is appropriate for a wide range of IT professionals, including those in governance and compliance and even some non-IT professionals. The CCSP credential is intended for professionals more heavily involved in cloud security via roles that are accountable for protecting enterprise architectures. The breadth of CCSK, combined with the depth of CCSP will now be the benchmark for comprehensive and demonstrable cloud security expertise. CSA’s Certificate of Cloud Security Knowledge (CCSK) examination tests across a broad foundation of cloud security knowledge. The knowledge reflected by the CCSK certification program helps employers ensure their teams are better equipped to cope with the increasingly pervasive cloud computing issues they now face. The CCSK body of knowledge covers the popular "Security Guidance for Critical Areas of Focus in Cloud Computing" and the "Cloud Controls Matrix".   The CCSK is a requirement for auditors performing assessments in conjunction with the CSA Security Trust & Assurance Registry (STAR) Attestation program. The CCSP credential builds upon many of the areas covered by CCSK in order to provide deeper knowledge derived from hands-on information security and cloud computing experience. As an advanced professional credential, CCSP focuses on assessment and reflects more than the knowledge needed to pass an exam. It includes: a) exam and testing meeting ANSI requirements; b) legal commitment to code of ethics; c) endorsement from appropriate certified professionals; and d) commitment to continuing professional education – all of which demonstrate that CCSPs are qualified and committed to tackling the cloud security challenges of today and tomorrow. 
While there are other cloud-related certifications available, most are vendor-specific and relate to vendor technology and solutions. Those that include information security, do so nominally at a theoretical level. Both CCSP and CCSK are vendor-neutral and reflect overall industry best practices for securing cloud environments.