In July 28, 2010, the Cloud Security Alliance (CSA), with support from many within the industry, launched “the industry’s first user certification program for secure cloud computing.” Since the initial set of early adopters, which include over 80 professionals across the world with different backgrounds and specialties, the CCSK has continued to show broad acceptance and adoption. Currently there are over 1000 professionals maintaining the CCSK.
I have tried below to capture some of the most commons questions that come to mind:
- How much does the CCSK exam cost? $295 (includes two test tokens)
- How much does the training cost? As low as $695 (CCSK Basic) and $1195 (CCSK Plus). In both training options, a CCSK exam token is included.
- Is the study material free? Yes – see the CCSK Prep Guide (see http://cloudsecurityalliance.org/CCSK-prep.pdf)
- So why take CCSK training? Because the CCSK is Not So Simple (in 2011, the pass rate was reported to be around 53 percent – and that is with two attempts).
- Who offers CCSK training? CSA has a trained cadre of certified trainers that offer training globally.
- How does the CSA certify trainers? The CSA has an extensive training partner program that begins with either first taking the CCSK or attending the 3-day Securosis course of CCSK Plus + Train-the-Trainer. But there is more, the trainer must all pass a very extensive one-on-one instructor exam that tests not only the application of the material in the training and the CCSK, but also the ability to apply this material in a practical setting. In either case, all trainers must have successful passed the CCSK exam.
- So why are there two options (CCSK-Basic and CCSK-Plus) for the CCSK training? The CCSK Basic is really meant to provide the fundamentals of the CSA Security Guide and the ENISA Cloud Computing Risk Assessment. The Plus includes an additional day that is focused on applying the knowledge in real cloud environments: public and private.
- How reputable is the CCSK? The CCSK Board is backed by a diverse group of cloud security experts from around the world.
- Should employers be looking for the CCSK? Yes, the CCSK is a valuable measurement of a candidates’ knowledge and competency in cloud security best practices. However, the CCSK is NOT a substitute for other certifications in information security, audit and governance. The CCSK augments other credentialing programs like the CISSP, CAP, CSSLP, etc.
- What is the CCSK examination like? It is a web-based, timed, multiple choice examination consisting of 50 questions in a 60 minute time period. The candidate must answer 80 percent correctly to pass.
- Is it open book? Like any examination taken at home and over the web (yes). But the depth of the questions included in the CCSK exam are really meant to be based on a practical demonstration of knowledge in cloud security issues and best practices. As stated by Jim Reavis, Executive Director and Co-founder of the Cloud Security Alliance, “we wanted to make this test moderately difficult, but as it has turned out, the exam is harder than we expected.”
- Who is the CCSK for? The CCSK is for a broad array of professionals. Since the CCSK covers a wide range of topics such as architecture, governance, legal, compliance and audit, and information management and data security, narrowing the landscape would underscore the holistic viewpoint of the CCSK and security related issues in the adoption of cloud services. In general, the CCSK would be beneficial for the Consumer, Provider, and Auditor.
1ECG will be holding classes in the Washington D.C. area starting April 1, 2012. Please visit http://www.cloudsecuritytraining.com/training-schedule to find a class to meet your schedule.
Sources for learning more about the CCSK, CCSK Training, and the CCSK Exam:
- (ISC)2 and the Cloud Security Alliance Expand Cloud Security Offerings to Their Memberships
- Official CCSK Prep Guide
- Cloud Security Alliance Approved Training Partners
- CCSK FAQ
- Overview of the CSA’s Certificate of Cloud Security Knowledge (CCSK) Exam
- Top 5 Certification for 2012
- Data Security Report: Taking control of the Cloud
- TechAmerica and the Cloud Security Alliance Join Forces to Expand Cloud Offerings to Members
- Cloud Security Knowledge 101
- What about cloud security certifications for cloud providers?
- Selecting an Independent Third Party Assessor (3PAO)