With the rising adoption of cloud solutions, it is very important for organizations and enterprises to be sure that their IT department and the professionals they hire are competent with the key concepts of cloud services and its environment. This is what the Certificate of Cloud Security Knowledge is for. But what is it really and how do you pursue it? This article will give you all the details that you need to know regarding CCSK and how to obtain it.
What is Certificate of Cloud Security Knowledge?
The Certificate of Cloud Security Knowledge or CCSK is an online examination that measures your skills and know-how on important cloud security concerns.
So basically, the CCSK just proves that the IT professional is aware of the security risks in going cloud, as well as the best practices to observe when going for cloud security.
The CCSK exam can be accessed on an on-demand basis so there is no need to schedule. The examination was created and hosted by the Cloud Security Alliance. It was launched in September 2010.
The CCSK is supported by cloud security experts and IT organizations all over the world. Not only is it supported by Cloud Security Alliance, but it also has the backing of the European Network and Information Security Agency. These are the two leading organizations that are involved in cloud security research worldwide.
The CCSK has 50 multiple-choice items and you would need to answer 40 of these correctly to obtain your certification.
It is important to note that you will need 60 minutes to finish the test and test takers are not allowed to pause the exam, so once you start, you should make sure that you will be able to finish the exam in one sitting. When the time runs out, you can no longer modify or add to your answers.
The CCSK costs $295 for an exam token. In the event that you fail the examination, you will have two more chances to pass using the same exam token.
The CCSK certification is valid forever, but if there are changes, you might want to upgrade your certification. The CSA allows you to take a new version of the exam when it becomes available.
Why it matters
The CSA is very upfront in saying that CCSK is not an alternative for other information technology security certifications, which are focused on a particular skill or job function. But it can still be rather important, especially for someone looking to establish a career in IT. The CCSK is still a good way to measure an IT professional’s competency in the best practices of cloud security. The CCSK is also a good add-on for other certification programs such as the Certified Information Systems Security Professional, Certified Secure Software Lifecycle Professional, and Certified Authorization Professional, among others.
Who should pursue CCSK?
While geared towards security professionals, the CCSK should be recommended for a wide array of IT professionals. This is because it covers a broad array of topics from governance to architecture, compliance to data security. There are really no requisites that you need to fulfill if you want to pursue a CCSK certification. There are training courses that can help you prepare, but these are not required.
How to pass the CCSK
You might think that the CCSK is easy. Think again. According to Jim Reavis at the Dark Reading Blog, the passing rate for CCSK as of August 2011 is only 53%. Yes, close to half of those who take the test fail. Fortunately, there are some things that you should know about the CCSK in order to help you pass:
1. Scope.The certification exam aims to measure your skills in these domains:
- Application Security
- Cloud Architecture
- Compliance and Audit
- Data Center Operations
- Encryption and Key Management
- Governance and Enterprise Risk
- Identity and Access Management
- Incident Response
- Information Lifecycle Management
- Legal and Electronic Discovery
- Portability and Interoperability
- Traditional Security, BCM, D/R
2. The exam questions.The content of the exam comes from three different sources: CSA Guidance, ENISA and the CCSK Study Guide.
The CSA Guidance is a set of top practices for cloud operations and its latest version is available online. Seven out of 10 questions will come from the CSA Guidance.
ENISA stands for European Network and Information Security Agency, and 20% of the questions on the CCSK come from their Cloud Computing Risk Assessment document.
The CSA also provides you with a study guide that incorporates the concepts and best practices set out in both the ENISA and CSA Guidance documents. The remaining 10 percent of the questions would come from the Cloud Security Alliance study guide.
3.Official training courses. The Cloud Security Alliance has two official training courses for those who want to be better prepared for the CCSK.
The CCSK Basic is a one-day comprehensive review of the basic concepts of cloud security. You can get a comprehensive account of cloud computing, as well as the different domains as laid out by the CSA Guidance and the ENISA framework. The Basic module costs $695, but you are already provided with an exam token with the purchase.
The CCSK Plus, on the other hand, contains expanded materials and a lot of practical activities. This module costs $1195 and comes with a free exam token.
There are also some books and materials that could help you in preparing for the exam. For those who are looking for CCSK help for less than $50, check out the following books:
- Cloud Computing Security (Networking Technology)
- Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance
- Securing the Cloud: Cloud Computer Security Techniques and Tactics
Like most certification programs, the Certificate of Cloud Security Knowledge should not be used as a shortcut to experience. You must have the requisite experience to make the certification meaningful. Experience, review and training could help you secure a CCSK certification easily and quickly.