Cloud security training and certification

Scott Hogg | March 8, 2016
Learning to securely develop and use cloud services.

You can study online using the free resources listed above, or you can take one of the training classes offered by the CSA and its partners. Official CCSK Training Classes are available (HP Education Services), which include the CCSK Foundation (2 days) and the CCSK Plus (3 days). Udemy also offers a very economical way to prepare for the CCSK with its “Understand the CCSK Cloud Security Certification” online class.

The CCSK certification exam is an online open-book exam that costs $345.  The exam has 60 questions, takes up to 90 minutes to complete, and you must score an 80% or higher to pass, but you get two attempts at passing.

The Cloud Security Alliance (CSA) then formed their Security Trust and Assurance Registry (STAR) accreditation for cloud service providers.  The CSA STAR certification uses the CSA’s Cloud Controls Matrix (CCM) and the Consensus Assessments Initiative Questionnaire (CAIQ) to review the service provider’s offerings against these domains and best practices.

The first level (Level One) is the introductory CSA STAR Self-Assessment.  The second level (Level Two) has three certifications: CSA STAR Attestation, CSA STAR Certification, and CSA C-STAR Assessment.  The third and highest level (Level Three) is the CSA STAR Continuous Monitoring.  You can see the STAR registry of service providers that have performed these assurance assessments.

(ISC)2 Certified Cloud Security Professional (CCSP)

In 2015, the International Information System Security Certification Consortium, Inc., (ISC)2 created their Certified Cloud Security Professional (CCSP) training and certification program.  The CCSP Common Body of Knowledge (CBK) consists of six domains: Architectural Concepts & Design Requirements, Cloud Data Security, Cloud Platform & Infrastructure Security, Cloud Application Security, Operations, and Legal & Compliance.

Along with the information about these six domains, (ISC)2 also recommends reading the U.S. NIST documents, the CSA’s CCM, and the ENISA whitepaper (similar to the CSA documents mentioned above). In addition to these, the CCSP draws on ISO/IEC 17788:2014 Information technology - Cloud computing - Overview and vocabulary, and ISO/IEC 17789:2014 Information technology - Cloud computing - Reference architecture.

There are a couple of options for training for the CCSP. (ISC)2 offers a Live In-Person CBK Training Class, which includes 5 days of training for $1995. (ISC)2 also offers a Live On-Line CBK Training Class, which includes 5 days of training for $1395, and an On-Demand On-Line CBK Training for $495 ($395 for current CISSPs). I highly recommend the (ISC)2 Certified Cloud Security Professional (CCSP) On-Demand class taught by Adam Gordon. The training is comprehensive and you can consume the training based on your busy schedule at your leisure.

