At the end of last year (November 2015), Adam Gordon wrote “The Official (ISC)2 Guide to the CCSP CBK” (ISBN-10: 1119207495, ISBN-13: 978-1119207498, 560 pages, $80 list price). The (ISC)2 also offers Free Flash Cards On-Line (but these seem to be just terms and definitions).
When it comes to the CCSP exam, these are scheduled through Pearson Vue. The exam takes up to 4 hours to complete, contains 125 questions, you must score at least 700 out of 1000 points and the exam costs $549.
SANS SEC524: Cloud Security Fundamentals
SANS has, and continues to offer, the best security training available in the market. SANS has now created a cloud security class that is offered at many of their events as a 2-day in-person or on-line/self-study class. The SANS class is listed as their “SEC524: Cloud Security Fundamentals”. The SANS SEC524 in-person class costs $2130 (list price), but can be reduced to $1350 when you register for this class in addition to another 4 to 6 day SANS class. The SEC524 class is also offered online for $2130 and provides course materials and MP3 audio files of the complete course lecture.
The Day 1 curriculum contains information on: Introduction to Cloud Computing, Security Challenges in the Cloud, Infrastructure Security in the Cloud, Policy and Governance for Cloud Computing, Compliance and Legal Considerations, and Disaster Recovery and Business Continuity Planning in the Cloud. The Day 2 curriculum contains information on: Risk, Audit, and Assessment for the Cloud, Data Security in the Cloud, Identity and Access Management (IAM), and Intrusion Detection and Incident Response.
Cloud security has continued to evolve and now there are training and certification options available from vendor-independent organizations. Being proactive with your cloud security is much better than being reactive with your cloud security. It would behoove your organization to digest these cloud security concepts and then embark on design and then deployment. Alternatively, if your organization has already deployed applications into the cloud and are consuming cloud services, then you can use these domains of knowledge and best practices to assess where you stand. However, if you have gaps between your current cloud security settings, configurations, practices and procedures, then you will have a more difficult time trying to perform a course correction while services are already deployed.
Sign up for CIO Asia eNewsletters.