(ISC)² and CSA introduce new cloud security certification

News by Doug Drinkwater

(ISC)² and CSA have partnered to launch the new Certified Cloud Security Professional (CCSP) certification, which it hopes will move security up the agenda when it comes down to designing, implementing and managing enterprise cloud environments.

The two bodies say that they've established CCSP in order to “meet a critical market need to ensure that cloud security professionals have the required knowledge, skills and abilities to audit, assess and secure cloud infrastructures”. They also add that the new certification complements and builds upon existing certifications and programs, including (ISC)²'s Certified Information Systems Security Professional (CISSP) and CSA's Certificate of Cloud Security Knowledge (CCSK). 

In the press release announcing the new accreditation, the two bodies said that CCSP is designed for professionals who are “heavily involved in cloud security via roles that are accountable for protecting enterprise architectures.” In addition, comparing CSSP to CCSK, they say that the former goes deeper on cloud computing from an information security standpoint.

“It's essential to have qualified IT professionals who understand how cloud services need to be securely implemented and managed within their organizations,” says David Shearer, CISSP, PMP, executive director, (ISC)². “We are pleased to collaborate with the distinguished Cloud Security Alliance to build this unique credential that combines the collective experience and research of both organisations and establishes a new benchmark for advanced cloud security knowledge and competence.”

“Many enterprises have told us that cloud computing is becoming their primary IT system,” says Jim Reavis, CEO, Cloud Security Alliance. “An effective cloud security strategy and architecture adds several nuances to traditional security best practices; which is why it's critical to accelerate efforts to address the cloud security skills gap. CCSP helps to set the highest standard for cloud security expertise. The programme we have developed with (ISC)² creates strong incentives for information security professionals to obtain both the CCSK and CCSP, which will create a workforce of experts who possess a mastery of the broadest cloud security body of knowledge.”

To attain CCSP, applications must have a minimum of five years' experience in IT, three of which must be in information security and one in cloud computing. All candidates must be able to demonstrate capabilities in each of the six CBK domains:


•           Architectural Concepts & Design Requirements

•           Cloud Data Security

•           Cloud Platform and Infrastructure Security

•           Cloud Application Security

•           Operations

•           Legal and Compliance

The CCSP exam will be available at PearsonVUE testing centres worldwide from July 21 2015. Training seminars begin June 8, 2015 in the United States. Candidates can find more information about CCSP, download the exam outline, register for the exam and/or training at https://www.isc2.org/ccsp

This news follows on from the 2015 (ISC)² Global Information Security Workforce Study, which found that 73 percent of nearly 14,000 respondents believe that cloud computing will require information security professionals to develop new skills.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews