This document discusses the need for cloud security professionals and two new certifications: the Certificate of Cloud Security Knowledge (CCSK) and the Certified Cloud Security Professional (CCSP). It outlines the development and requirements for each certification, how they complement each other, and their value for candidates and organizations. The CCSK validates foundational cloud security knowledge, while the CCSP demonstrates advanced experience-based knowledge through work experience and passing an exam. Both certifications are intended to help information security professionals gain specialized cloud skills and validate their competency in securing cloud environments.
Will your organization or enterprise expand cost-effectively with the power of a managed cloud? We outline 10 key reasons why this strategy will help you improve security, simplify compliance, reduce costs and streamline scalability.
Cybersecurity frameworks globally and Saudi Arabia - Faysal Ghauri
My second paper on Cybersecurity frameworks and how Saudi Arabia is forming. This paper has been published by the International Journal of Computer Science and Information Security (IJCSIS) in April 2021, Vol. 19 No. 4 Publication.
Delivering operational efficiency and lower costs through an integrated approach to network security management
Q1 Labs is a global provider of high-value, cost-effective network security management products. The company's next-generation security information and event management (SIEM) offering, QRadar, integrates functions typically segmented by first generation solutions - including log management, SIEM and network activity monitoring - into a total security intelligence solution. QRadar provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect IT assets and meet regulatory requirements. By deploying QRadar, organizations greatly enhance their IT security programs and meet the following specific security requirements.
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016 - IBM Security
View on-demand webinar: https://securityintelligence.com/events/qradar-investment-2016/
Helping you stay ahead of cybercriminals means our work at IBM Security is never done. With data coming from every direction to collect, you need real time and historical analytics to discover anomalistic conditions that often provide the early warning signs of an attacker’s presence. Join us to hear about new features in IBM Security QRadar that can provide you with better visibility into what’s happening on your network and new integrations that will help you multiply your investment and help speed your remediation efforts.
As public and private cloud adoption skyrockets, the number of attacks against cloud infrastructure is also increasing dramatically. Now more than ever, it is crucial to secure your cloud assets and data against advanced threats.
We’ll dig into what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We’ll look across technologies adopted, organizational and operational practices, and vendors embraced.
Recorded webinar: https://youtu.be/Og1-xcc7JNs
CURRENT CHALLENGES AND INNOVATION IN PRIVILEGED ACCESS CONTROL - Cristian Garcia G.
Privileged account and access control faces today's reality, which involves the complexity of cloud environments, SaaS systems and platforms, as well as legacy and on-premises systems. How do current access management products adapt to this technological reality? What must these solutions be ready for?
Case Study - Currency from the Cloud: Security & Compliance for Payment Provider - Armor
Steve Roderick, CEO of gotoBilling, differentiates his end-to-end software payment service in a highly competitive marketplace. How? He trusts a formula that’s a critical component of every business. Sound security — particularly when properly layered — helps organizations defend against breach, protect their brands, ensure compliance and avoid fines. And it’s a message that’s resonating with customers and winning business.
A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic. It can impact the plant’s operations, finances, damage reputation and even threaten lives. A resilient cyber security programme is essential in order to mitigate against potential cyber attacks. To help ensure that your plant is fully prepared to defend against potential cyber attacks, we provide a range of ICS Cyber Security services, each customised for your plant’s unique requirements, based on the latest international cyber security standards and best practice. Pöyry is active in designing, assessing and supervising the implementation of ICS cyber security programmes to both operating and greenfield facilities.
Aujas Cyber Security is a global cyber security services company consistently recognized by NASSCOM, Deloitte and Gartner for its unique cyber security capabilities. With a growing workforce of 400+ security experts, Aujas Networks has served more than 1500 clients across the globe.
Empowering Digital Transformation in Financial Services - Cristian Garcia G.
Digital transformation is an entirely new strategy for steering organizations to be ever more effective in the return on investment of every $1. The information technology department is the fundamental pillar for leading that effort; however, the challenges, risks and impacts grow as cybercriminals increase in number, incentives and capability. In this talk we will look at the latest attack trends, stories of real cyberwars that we have faced directly in the United States and Europe, and how we have managed risk by mitigating the impact.
Learn how to understand the value proposition we offer together with Check Point in the public cloud, from a cybersecurity perspective, for cloud service adoption processes.
The cloud offers simplified application development and delivery by providing infrastructure, platform and software services that are ready to use immediately. However, the major inhibitor for businesses has been concerns around security. IBM has simplified the typical method for approaching this problem. Whether you’re looking to employ infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) or software-as-a-service (SaaS), use the framework below when designing your solution. Each platform comes with certain built-in security qualities and lets you use add-ons on top of the platform to secure each workload.
Introduction to the CSA Cloud Controls Matrix - John Yeoh
The Cloud Controls Matrix (CCM) is an industry accepted set of principles and guidelines that can be leveraged to assess services, products, and your own security posture in the cloud. The framework is based on security requirements and criteria from research conducted by the Cloud Security Alliance (CSA). Learn about the architectural elements of the framework, its impact on international standards, and how it maps to over 30 other industry regulations.
Your organisation’s data are now everywhere: on your servers and your desktop PCs; on your employees’ smart phones, tablet computers and laptops; on social networks; and in public clouds. Some of these data require special protection but they also need to be accessed remotely, which makes security a considerable challenge. Can you trust public clouds to keep your data safe and secure? Can you trust your own internal systems? And on what criteria and risk management strategies should you base your trust? -- Dr Mark Ian Williams's presentation at the April 2012 'Why Cloud? Why now?' conference at the headquarters of the Institute of Chartered Accountants in England and Wales.
The CCSP is a globally renowned certification that validates the certification holder’s advanced skills and abilities to design, manage, and protect data and applications in a cloud environment while adhering to the established practices, policies, and procedures.
Marlabs helps organizations master the disruptive change brought in by the new digital technologies and evolve new business models. We provide a comprehensive range of cloud services from consulting, architecture, design and adoption to management throughout the Cloud life cycle. Marlabs helps our customers integrate their legacy systems with Cloud solutions, maximizing scalability, performance and availability. We accelerate their speed-to-value by leveraging our expertise, frameworks, and partnerships, while reducing risk. To maximize the potential of cloud computing, we address all the accompanying challenges such as security, availability, performance, compliance, integration, and visibility.
Security & Compliance in the Cloud [2019] - Tudor Damian
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked. While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
MBT Webinar: Does the security of your business data keep you up at night? - Jorge García
More and more manufacturers have been investing in cloud technology these days, but there is still a contingent of businesses who don’t see the appeal, or are concerned about the risks. In a recent MBT survey about cloud adoption, 50 percent of those manufacturers not using cloud computing said they didn’t because of security concerns. But are these concerns actually justified, or are businesses leaving opportunity on the table due to glaring misconceptions?
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P... - ATMOSPHERE
In this webinar, Francisco Brasileiro and Ignacio Blanquer will discuss the trustworthiness requirements of big-data applications deployed atop cloud infrastructures, and how the ATMOSPHERE platform can be used to handle them. This will be explained using as example a medical application developed in the context of the ATMOSPHERE project, and deployed over a transatlantic federated cloud infrastructure.
The most trusted, proven enterprise-class Cloud: Closer than you think - Uni Systems S.M.S.A.
The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock-in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today are using Uni Systems Cloud for their enterprise IT, is because it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
Identity and Access Management for user login, departmental level and federation level. Users can be easily managed through Identity and Access Management.
Webinar presentation September 20, 2016.
This deck introduces the CSCC’s deliverable, Cloud Security Standards: What to Expect and What to Negotiate V2.0, which was updated in August 2016 to reflect the latest developments in cloud security standards. The presentation is an overview of the various security standards, frameworks, and certifications that exist for cloud computing. This information will help cloud customers understand and distinguish between the different types of security standards that exist and assess the security standards support of their cloud service providers.
Read the CSCC's deliverable here: http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm
7o estudio-cloud security-esarsenu-2019-csaespearclbobrcomx-isacamad-v2 - CSA Argentina
Presentation of the 7th STUDY ON THE STATE OF THE ART OF CLOUD SECURITY:
Mariano J. Benito (GMV), CSA-España. Coordinator.
Gerardo Guzman (Banco de Crédito BCP), CSA-Perú
Luciano Moreira (Vice President), CSA-Argentina
Erik De Pablo (Research Director), ISACA-Madrid
Abdel Aliaga (President), CSA-Bolivia
Ricardo Urbina (President), CSA-Chile
Leonardo Goldim (President), CSA-Brasil
Isabel Yepes (Evangelist), CSA-Colombia
Rafael Contreras (SIGE), SCSA-Mexico
Josep Bardallo (SVT Cloud), CSA-España
Daniel Garcia (Director), ISMS Forum
13th Cybersecurity Meeting (XIII Encuentro de Ciberseguridad), 5/12/2019, Hotel NH City
Benefits, risks and recommendations in the Cloud
Luciano Moreira / Cristian Ibiri
CLOUD SECURITY ALLIANCE
8. 2015 (ISC)² Global Information Security Workforce Study
• ~ 14,000 information security professionals: cloud security is a priority for organizations
• 73% - information security professionals must develop new skills
• 70% - cloud security certification programs are relevant
10. Industry Needs
• Professionals who understand and can apply effective security measures to cloud environments
• A reliable indicator of overall competency in cloud security
• Roadmap and career path into cloud security
• Common global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems.
11. Security Professionals Needs
• Specialized skills required
• Qualified professionals help organizations take advantage of cloud services
• Growing adoption of cloud increases the demand for security
professionals
• Cloud expertise moves from “nice to have” to “must have”
12. Required Skills For Cloud
• Applying security (general foundational understanding still
needed)
• Understanding cloud security guidelines and reference
architectures
• Knowing compliance issues
• Enhancing technical knowledge
• Specifying contractual obligations and requirements related to
security
14. (ISC)² and CSA
• CSA
• Individual (CCSK) and
organizational (STAR) certifications
• Actively writing ISO standards for
cloud security
• 400+ member organizations
around the world
• Significant SME pool
• Common Book of Knowledge
• Ability to reach endorsement on a
company-wide-level with member
organizations
• (ISC)²
• Individual (CISSP, SSCP, CSSLP etc.)
certifications
• Actively involved with ISO on
27xxx
• 100,000+ members globally
• ISO/IEC 17024 accreditation
• DOD mandate
• Significant SME pool
• Common Bodies of Knowledge
15. Working Together
• Power of two global, industry-leading non-profit associations
• Stewards for the cloud security and information security profession
• Corporate cloud thought leaders
• Organizations that reinforce professionals’ ability and experience to audit, assess,
and secure cloud infrastructures
• Building on existing certifications from both organizations
• Ensures CCSP reflects the most current and comprehensive best practices for
securing & optimizing cloud computing environments
• Establishes a globally accepted benchmark for confirming professional
competency in cloud security
• Industry expert research and opportunities for continuing education
17. Development
• Certification Board
– Ariel Litvin
– Ben Katsumi
– Carlos Saiz
– Christofer Hoff
– Craig Balding
– Gerhard Eschelbeck
– Gianluca D’Antonio
– Hadass Harel
– Jim Reavis
– Joshua Davis
– Keith Prabhu
– Leonardo Goldim
– Peter Gregory
– Peter Kunz
– Randy Barr
– Rich Mogull
18. Candidates
• Suitable for a wide variety of professions that must be concerned with
cloud computing:
• IT Professionals
• Security Professionals
• Auditors
• Compliance
• Managers
• Non-IT Professionals
19. Value for Candidates
• Validate your competence gained through experience in cloud
security
• Demonstrate your technical knowledge, skills, and abilities to
effectively develop a holistic cloud security program relative to
globally accepted standards
• Differentiate yourself from other candidates for desirable
employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking
and ideas exchange with peers
20. Value for Organizations
• Protect against threats with qualified professionals who have the
expertise to competently design, build, and maintain a secure cloud
business environment
• Increase your confidence that candidates are qualified and committed
to cloud security
• Ensure practitioners use a universal language, circumventing
ambiguity with industry-accepted cloud security terms and practices
• Increase organizations’ credibility when working with constituents
21. Requirements and Domains
• CSA Guidance
• ENISA report “Cloud Computing: Benefits, Risks and
Recommendations for Information Security”
22. CSA Guidance Domains
– Cloud Computing Architectural
Framework
– Governance and Enterprise Risk
Management
– Legal Issues
– Compliance and Audit
Management
– Information Management and
Data Security
– Interoperability and Portability
– Business Continuity and
Disaster Recovery
– Data Center Operations
– Incident Response
– Application Security
– Encryption and Key
Management
– IAM
– Virtualization
– Security as a Service
27. Target Organizations
• Employers will be crucial to driving adoption of the credential among
appropriate employees and job seekers.
• Cloud “thought leaders” (including those attempting to be leaders) who are
trying to promote their position in the cloud market could be influential in
driving demand for CCSP.
• Target employers include:
• Cloud Service Providers: they know the challenges; value competency;
• Information Security Consultants;
• IT Integrators and Consultants;
• Software Companies.
• Government agencies, grappling with migrations to cloud services, should value
the competence reflected by CCSP
28. Value for Candidates
• Demonstrates not just cloud knowledge but competence gained
through hands-on experience in addressing the unique information
security demands intrinsic to cloud environments
• Affirms commitment to understanding and applying security best
practices to cloud environments – today and in the future
• Enhances credibility and marketability for the most desirable cloud
security opportunities; bolsters standing and provides a career
differentiator
• As a member of (ISC)², CCSPs gain access to valuable career
resources, such as networking and ideas exchange with peers
29. Value for Organizations
• Secures and optimizes the organization’s use of cloud computing with qualified
professionals who’ve demonstrated cloud security competence
• Ensures the organization is applying the proper cloud security controls
internally and with 3rd parties by reinforcing risk and legal requirements
through cloud contracts and SLAs with cloud service providers
• Backed by the two leading stewards of information and cloud security
knowledge – (ISC)² & CSA – organizations can be confident it reflects the
most current required best practices and competency
• Increases organizational integrity in the eyes of clients and other
stakeholders
• Ensures work teams stay current on evolving cloud technologies, threats and
mitigation strategies by meeting the continuing professional education
requirements
30. Requirements and Domains
• 5 years working experience
• 3 years must be in information security
• 1 year in one CBK domain
• CCSK can be substituted for 1 year experience in CBK domain
• CISSP can be substituted for entire experience requirement
31. Requirements and Domains
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform and Infrastructure Security
• Cloud Application Security
• Operations
• Legal and Compliance
36. CCSP x Others (ISC)² and CSA Programs
• CCSP complements existing credentials
• (ISC)² x CSA: complementary portfolio
• CSA: “Incubator of cloud best practices”
• Provide relevant opportunities for CPEs
37. CCSP x CCSK
• Professionals with heavy involvement: CCSK and CCSP
• CCSK indicator of broad-based knowledge
• CCSP intended for professionals more heavily involved
Thank (ISC)² and CSA for the invitation and the opportunity; it is an honor to be able to speak and take part in the launch of this new certification. The goal of the presentation is to try to get a few points across:
Understand why a new certification was created
Understand the (ISC)² x CSA partnership
Better understand the CCSK certification
Better understand the CCSP certification
A comparison between the two
A brief summary of the current landscape, to understand the reason for a new certification: motivators, market needs, etc.
It is no news that technology evolves very quickly; in recent years, however, we have been seeing it evolve faster and faster.
A few years ago we were talking about virtualization, a new technology that would revolutionize our datacenters, save space, reduce energy consumption, green IT, etc. In the blink of an eye this new technology evolved into a new model that really did revolutionize our relationship with IT: Cloud Computing emerged.
Many factors are contributing to the rapid growth and changes in the Cloud Computing market. This model offers many benefits for businesses and for consumers, most of them related to agility and cost.
In the same way that virtualization enabled Cloud Computing, Cloud Computing in turn has made possible a series of revolutions that we are seeing today:
BYO{D,K,*}: Cloud computing has allowed us to work anywhere, anytime, on any device. Many users started using their personal devices (smartphones, tablets, etc.) to access corporate email, the organization's systems, etc. A headache for any IT/information security professional.
Big Data: it lets us process an enormous amount of information, including helping with intelligence and security activities. Public cloud infrastructures are leading the use of Big Data, which fuels the demand for Cloud Computing. Big Data is currently available at lower prices because of the reduction in storage costs.
IoT: perhaps the one with the greatest impact on the daily life of “ordinary” people; today we have practically everything connected: cars, mobile phones, refrigerators, weapons, video games, ip{ad,hone,od}, sneakers (wearable technologies), etc.
I like to say that, thanks to Cloud Computing, we are more and more connected today (often without even knowing it).
Consequently, the more devices connected, the more of our information is exposed on the internet. Attacks, system compromises, data leaks, etc. are increasingly frequent.
In the past only our business information was available on our devices; today we put our lives on these devices (fitness apps and devices: watches that measure heart rate, hours of sleep, exercise, etc.; apps for managing diet; social networks: Instagram, Facebook, Twitter, etc.; an app for cheating “?”; personal finance apps; starting and ending relationships).
The site “Information is Beautiful” presents a chart showing the largest data breach incidents, those of more than 30,000 records. Well-known names such as Sony, US OPM, JP Morgan Chase, Ebay, Uber, UPS and Ashley Madison, among others, are some of those on the list (some more than once in a short period of time).
Two incidents from 2015 that are curious, to say the least: the first is that of Jeep, where security researchers managed to remotely compromise a car's system, taking control of brakes, steering, engine, etc. The researchers managed to drive the car into the wall of a parking garage; luckily the car was parked and nobody was hurt.
The other incident is that of a precision rifle, which connects to a computer to do the calculations for the shot, taking into account wind speed, distance to the target, movement of the target, etc. It was also compromised, making it possible to alter the variables used in the calculation and thus to hit the “wrong target”. My biggest question in this case is: why does a sniper need a computer to do these calculations?
In 2015 we also had the case of a clinic that hired security researchers to assess the medical devices in use, all of which also failed.
In short, incidents like these show that not only is our information inside organizations vulnerable, but so are we.
As we can see around us, the adoption of Cloud Computing is no longer a question of if or when, but of how much. Cloud Computing is already a reality in our day-to-day lives and there is no going back.
Microsoft often calls Cloud Computing “a transformative model that will reduce costs, stimulate innovation and open up new jobs and skills around the world.” Does anyone disagree?
Despite the growing adoption of Cloud Computing, security professionals (us) are worried about data breaches and data loss, as well as other security risks.
Security is still the biggest barrier when it comes to adopting Cloud Computing; 9 out of 10 organizations have concerns about public cloud security.
But how do we secure an environment that is so peculiar and has so many particularities? How do we secure an environment with a wide variety of devices? Does anyone know how to deploy a firewall in a car? Or in a rifle?
Another concern is data privacy; one of CSA's projects (Top Threats) presents a report showing that data breaches and data loss are at the top of the list.
Because Cloud Computing lets us connect globally, compliance issues such as the physical location of certain data, privacy laws, etc. are increasingly relevant.
According to the study carried out by (ISC)², with approximately 14K professionals around the world, cloud computing is a priority for organizations and will continue to be in the coming years.
Cloud computing was also identified as the main area of information security with growing demand for education and training within the next 3 years. 70% of professionals believe that a certification program would be relevant.
73% of the professionals who responded to the study said that security professionals will need to develop new skills.
As we have seen, our landscape is going through changes and, as professionals, we need to adapt to these changes. We have seen that new skills will be needed, but which ones? What will this new professional look like?
The market needs a security professional who understands and can apply effective security measures in the cloud. And a way to assess this professional.
Many organizations may not know enough about cloud computing security to understand what they need in order to improve. There are many differences, in terms of security measures, that need to be applied to the cloud, since current approaches are not sufficient.
The CCSP was developed to be a reliable indicator of competencies and knowledge in cloud computing security.
Specialized cloud security skills will be needed to close the gap between increasing cloud adoption and high levels of security concern. Having people qualified to lead a thorough assessment process can help organizations responsibly get the most out of cloud services.
The growing adoption of cloud services will increase the demand for security professionals who can apply the appropriate security controls in public, private, community or hybrid cloud models.
Cloud providers, organizations adopting cloud services and professional services firms that help with management and implementation will need qualified professionals. As organizations replace traditional IT architecture with cloud, cloud expertise will go from “nice to have” to “must have”.
Some of the skills expected of the cloud security professional are:
A general understanding of security is still needed, since some controls and concepts remain the same and only need to be adapted to a new model;
To deploy controls effectively, one needs to understand the references and architectures of this new model, as well as the general cloud security guidelines;
Compliance issues are even more important in this model (as we saw earlier)
The contract (with the service provider) is one of security's greatest allies in this model; knowing how to specify contractual obligations and security-related requirements is fundamental
To meet this market need, (ISC)² and CSA joined forces to develop a new certification for Cloud Computing Security.
(ISC)² and the Cloud Security Alliance are world-renowned organizations, respected in the world of information security and cloud computing. They brought their expertise together to launch an advanced, vendor-neutral professional cloud security certification. Both have extensive knowledge, developed by global professionals who work in cloud security
(ISC)²:
There is demand among (ISC)² members, and in the information security market, for a global, vendor-neutral, advanced cloud security certification.
Cloud computing has emerged as a critical topic that needs additional security considerations.
(ISC)² recognizes that security must be addressed within cloud computing so that the model can continue to thrive.
CSA:
The Cloud Security Alliance (CSA) is a pioneering organization dedicated to defining and raising awareness of good practices for ensuring a secure cloud environment.
CSA draws on the knowledge of industry, associations, governments, companies and individual members to offer cloud-security-specific research, education, certification and events. CSA's activities, knowledge and broad network benefit the community as a whole (from providers to customers, governments and entrepreneurs) and provide a forum where different parties can work together to create and maintain a trusted cloud ecosystem.
CSA has developed best practices for the industry, such as "Security Guidance for Critical Areas of Focus in Cloud Computing", "Cloud Controls Matrix", "Top Threats to Cloud Computing" and 50 other research works.
The collaboration between the two entities provides a stronger voice for the profession and, together, allows them to lead as the main trusted advisors for the future of the cloud security profession.
Benefits of working together:
The strength of two global industry leaders;
CCSP developed on the basis of the existing certifications of both entities;
Ensures that the CCSP reflects current best practices for securing cloud environments;
Establishes a globally accepted benchmark for assessing competence in cloud security;
Offers opportunities for continuing education
Suitable for a wide variety of professions that must be concerned with cloud computing
Excellent baseline indicator of foundational cloud security knowledge
Target audience
As with all its credentials, (ISC)² conducted a job task analysis (JTA) study to determine the scope and content of the CCSP credential program
Subject matter experts from the (ISC)² and CSA memberships, as well as other industry luminaries from organizations in Asia-Pacific, Europe, the Middle East, Brazil and the United States attended several exam development workshops and contributed to develop the Common Body of Knowledge (CBK®) that serves as the foundation for the credential
Most appropriate for those whose day-to-day responsibilities involve procuring, securing and managing cloud environments or purchased cloud services.
The CCSP is most appropriate for those well versed in IT and information security, with some experience in cloud computing. The ideal candidate will have experience in applying security concepts and controls to cloud environments
We expect CCSP professionals will come from a suite of IT, IT security and compliance positions, including
IT Architects – Systems Architects, Enterprise Architects, Security Architects, Web Solutions Architects should all find CCSP applicable and helpful to their careers
Web Security & Cloud Security Engineers should view the CCSP as a career-enhancing credential
IT Security Professionals, including CISSPs, with cloud experience. They should want to further their careers by positioning themselves as cloud security professionals
Governance, Risk & Compliance (GRC) professionals – those who meet the CCSP criteria will see value in the credential, given the importance of the risk and compliance aspects of cloud services
IT Auditors may see CCSP as a good way to further their careers as the world moves to the cloud
CCSP is designed for infosec professionals with at least 5 years……
The training was developed for cloud providers and cloud consumers.
Cloud goes across all industries, all organizations – the move to the cloud is happening -- and employers will be crucial in driving adoption.
Cloud service providers will be a good target,
information security consultants,
integrator consultants,
software companies,
government agencies.
The CCSP will provide candidates with a widely recognized measure of their competency in cloud security; thereby providing valuable differentiation that promotes their cloud security knowledge, skills and experience and instills confidence among existing and prospective employers as well as the industry in general
CCSP is valuable to candidates because…
Much like our other credentials -- it takes work to acquire, it reflects knowledge and experience…
For candidates, it is a credential they can be proud of -- it should help them gain the job or career path they are looking for.
Professionals will seek the CCSP to differentiate themselves among other security professionals.
The CCSP provides employers with a reliable indicator of candidates’ overall competency in cloud security; thereby ensuring they put the right people in place who can leverage the benefits of cloud computing and possess the knowledge, skills and abilities needed to address the security and business issues associated with the complexities of cloud computing. The CCSP should simplify and improve the hiring process for both public and private sector organizations
CCSP is valuable to organizations because….
It provides a measure for competence,
it increases organizational integrity in the eyes of customers and clients,
and the certification requires the professional to stay current.
Professionals who acquire the CCSP show commitment to the field -- employers know that CCSPs have invested their careers -- as well as time and money to acquire the credential.
To attain CCSP, applicants must have a minimum of five years of cumulative, paid, full-time working experience in information technology, of which three years must be in information security and one year in one of the six CBK domains
Earning the Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) can be substituted for one year of experience in one of the six domains of the CCSP CBK. Earning the CISSP credential can be substituted for the entire CCSP experience requirement
As with all (ISC)² credentials, CCSP candidates must also subscribe to the (ISC)² Code of Ethics and be endorsed by an (ISC)² member in good standing
Its body of knowledge reflects the most current and comprehensive best practices for securing and optimizing cloud computing environments.
Architectural Concepts & Design Requirements
Cloud Data Security
Cloud Platform and Infrastructure Security
Cloud Application Security
Operations
Legal and Compliance
Exam candidates are given 4 hours to take the exam, which consists of 125 questions.
Cost is US$549
Exam registration is available as of April 21, 2015. Candidates will be able to sit for the CCSP exam beginning July 21, 2015. Candidates can register to take the CCSP exam at PearsonVUE testing centers worldwide at http://www.pearsonvue.com/isc2/
During their three-year certification cycle, CCSPs must pay Annual Maintenance Fees (AMFs) of US$100 per year, earn 90 CPEs, with a minimum of 30 each year. Associates of (ISC)² working toward the CCSP must pay US$35 AMFs and earn 15 CPEs each year.
As part of (ISC)²’s and CSA’s collaboration, CCSP and other (ISC)² credential holders can utilize CSA’s education and training, research projects, events, working groups and other programs to stay abreast of cloud security best practices while helping to satisfy their CPE requirements
The two credentials do address some of the same educational topics, but from a different perspective. One performing a detailed review of the bodies of knowledge will discover that some learning objectives are reinforced and a broader understanding is gained. For example the CCSK’s architecture domain teaches the widely adopted NIST cloud computing definition and the CSA layered cloud reference model. The CCSP teaches the new ISO/IEC 17788 cloud taxonomy standard. All of these definitions will be fundamental to the cloud for many years to come, and mastering these definitions enables a professional to be more fluent and competent in their job.
There are also several areas where each credential provides unique knowledge, due to their own provenance and learning objectives.
CCSP complements and builds upon existing credentials and educational programs, including (ISC)²’s Certified Information Systems Security Professional (CISSP®) and CSA’s Certificate of Cloud Security Knowledge (CCSK™).
The program we have developed strong incentives for information security professionals to obtain both the CCSK and CCSP, which will help to create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”
CSA’s Certificate of Cloud Security Knowledge (CCSK) examination tests across a broad foundation of cloud security knowledge. The CCSK body of knowledge includes 14 domains and covers some unique and critical areas of knowledge, such as Security as a Service, which are not covered in other credentials.
The CCSP credential builds upon many of the areas covered by CCSK in order to provide a deeper set of knowledge and competency derived from hands-on experience with information security and cloud computing. It validates practical know-how applicable to those professionals whose day-to-day responsibilities involve cloud security architecture, design, operations, and service orchestration. As an advanced professional credential, CCSP also reflects more than the knowledge needed to pass an exam. It includes: a) exam and testing meeting ANSI requirements; b) legal commitment to code of ethics; c) endorsement from appropriate certified professionals; and d) commitment to continuing professional education – all of which demonstrate that CCSPs are qualified and committed to tackling the cloud security challenges of today and tomorrow.
While there are other cloud-related certifications available, most are vendor-specific and relate to vendor technology and solutions. Those that include information security, do so nominally at a theoretical level. Both CCSP and CCSK are vendor-neutral and reflect overall industry best practices for securing cloud environments.
The Certified Cloud Security Professional (CCSP) credential complements and builds upon the existing credentials and educational programs of both CSA and (ISC)². Both organizations provide a complementary portfolio of industry-leading certifications that validate a professional’s knowledge in the security of cloud computing systems.
Because CSA is the agile group that quickly addresses changes in the cloud security landscape and is an “incubator of cloud best practices,” their research and working groups as well as their education and training programs can provide relevant opportunities for continuing education and CPEs for maintaining the CCSP.
CCSP builds upon CSA’s efforts with CCSK
CCSK is an examination, CCSP provides a much needed credential for the cloud security profession
CCSP depth within key domains is complementary to CCSK’s breadth of coverage
CCSP adds to the credibility of the argument for more education for cloud security as a mainstream IT challenge
CSA will encourage CCSK + CCSP as a 2 step program
CSA encourages virtually all existing CCSKs to pursue CCSP
CCSK early adopters tend to have a high interest in cloud security, the target of CCSP
CSA creating CPE opportunities within our research targeted at CCSP
CSA training partners encouraged to partner with (ISC)²
No brainer for CCSK holders to add CCSP
CCSK can be obtained quickly via self-study and online exam, saving training budget
CCSKs get largest discount for CCSP of any certification
CCSKs already have demonstrated knowledge increasing likelihood of successful CCSP outcome
CCSK counts for one year of cloud security experience for CCSP
CCSK Plus and CCSP bundled training
CCSK Plus training
One day classroom instruction for exam preparation
Second day hands-on lab exercises to apply concepts (Amazon AWS or HP Helion) – Lab consistently gets extremely positive feedback
Professionals whose job requirements include a heavy involvement with cloud security should pursue both the CCSK and CCSP. The CCSK is an excellent indicator of broad-based cloud security knowledge. It is appropriate for a wide range of IT professionals, including those in governance and compliance and even some non-IT professionals. The CCSP credential is intended for professionals more heavily involved in cloud security via roles that are accountable for protecting enterprise architectures.
The breadth of CCSK, combined with the depth of CCSP will now be the benchmark for comprehensive and demonstrable cloud security expertise.
CSA’s Certificate of Cloud Security Knowledge (CCSK) examination tests across a broad foundation of cloud security knowledge. The knowledge reflected by the CCSK certification program helps employers ensure their teams are better equipped to cope with the increasingly pervasive cloud computing issues they now face.
The CCSK body of knowledge covers the popular "Security Guidance for Critical Areas of Focus in Cloud Computing" and the "Cloud Controls Matrix".
The CCSK is a requirement for auditors performing assessments in conjunction with the CSA Security Trust & Assurance Registry (STAR) Attestation program.
The CCSP credential builds upon many of the areas covered by CCSK in order to provide deeper knowledge derived from hands-on information security and cloud computing experience.
As an advanced professional credential, CCSP focuses on assessment and reflects more than the knowledge needed to pass an exam. It includes: a) exam and testing meeting ANSI requirements; b) legal commitment to code of ethics; c) endorsement from appropriate certified professionals; and d) commitment to continuing professional education – all of which demonstrate that CCSPs are qualified and committed to tackling the cloud security challenges of today and tomorrow.
While there are other cloud-related certifications available, most are vendor-specific and relate to vendor technology and solutions. Those that include information security, do so nominally at a theoretical level. Both CCSP and CCSK are vendor-neutral and reflect overall industry best practices for securing cloud environments