Q. What is the Certificate of Cloud Security Knowledge (CCSK)?
A. The CCSK is a web-based examination of an individual’s competency in key cloud security issues. Launched in 2010, the CCSK is a widely recognized standard of expertise and is the industry’s primary benchmark for measuring cloud security skillsets. The CCSK was recently lauded as the most valuable IT certification in terms of average salary by Certification Magazine.
Q. Who should consider obtaining the CCSK?
A. The CCSK is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, and it is even required for portions of the CSA Security, Trust & Assurance Registry (STAR) program.
Q. On what body of knowledge is the CCSK v4 exam is based?
A. The CCSK v4 exam contains material sourced from the CSA Cloud Security Guidance v4, the CSA Cloud Control Matrix and the ENISA Cloud Computing Risk Assessment report. Approximately 80% of the exam questions will be related to content included in the CSA Security Guidance.
Q. Is the CCSK a viable substitute for other industry certifications?
A. The CCSK is NOT a substitute for other certifications in information security, audit and governance. Many certification programs help personal development within specific professional roles and job duties. They also provide vetting of individuals, which the CCSK does not do. The CCSK augments these other credentialing programs by encouraging competency in cloud computing security best practices, which we believe will help individuals better cope with the increasingly pervasive cloud computing issues they are now facing. The Cloud Security Alliance is a strong supporter of popular professional certification programs within our industry, and we look forward to developing formalized relationships with these programs in the future.
Q. Are there any plans to “grandfather in” individuals with other certifications into the CCSK program?
A. No. The CCSK is not a user accreditation, but a certificate of knowledge for a specific topic. Grandfathering in certain individuals would not serve the purpose of encouraging competency in cloud security best practices.
Q. Does the CCSK have industry support?
A. The CCSK is strongly supported by a broad coalition of experts and organizations. Since its launch in 2010, the CCSK has achieved global adoption and continues to set the standard for cloud security competency. Our partnership with ENISA has created a solid foundation for the industry’s first cloud security certification, backed by the world’s top organizations in vendor-neutral cloud security research.
Q. Does the Cloud Security Alliance plan other certifications?
A. CSA is developing education and certification programs in conjunction with industry partners and higher education on an ongoing basis. CSA’s Cloud Controls Matrix (CCM) training and Security, Trust and Assurance Registry (STAR) certifications and attestations are additional examples of CSA’s offerings. We are also working to develop educational programs in the areas of security architecture, audit and assurance, and software development.
The current version of the CCSK test is version 3. The new version 4 of the examination is scheduled to be available December 1, 2017.
The CCSK Foundation course provides a solid foundation in cloud security fundamentals and covers all the material needed to pass the CSA Certificate of Cloud Security Knowledge (CCSK) exam.
The CCSK Version 4 is a significant update with approximately 85% new content and changes now align training with the recently released Security Guidance for Critical Areas of Focus in Cloud Computing v4.0.
Review the steps and requirements to become an official Certificate of Cloud Security Knowledge trainer.
CSA CCSK Exam
Q. What is the latest version of the CCSK examination?
A. The current version of the CCSK test is version 3. The new version 4 of the examination is scheduled to be available December 1, 2017.
Q. What is the cost of the CCSK exam registration (token)?
A. The CCSK v3 exam cost is $345 USD. Effective December 1, 2017, the CCSK v4 exam will launch and the token price will increase to $395 USD.
Q. How do I take the CCSK exam?
A. You can take the exam by completing the following steps:
- Prepare for the exam through self-study or by participating in a CCSK training.
- Register at the CCSK exam website.
- Purchase a CCSK exam token (unless one was provided in your training package).
Q. How do I prepare for the CCSK examination?
A. CSA has developed a preparation guide for the CCSK examination. The guide covers the key learning objectives of each domain. Preparation Guide
You may also be interested in the benefits of instructor-led training - more information can be found at CCSK Training.
Q. Once a user purchases an exam token, is there a time limit on when they are required to complete the exam?
A. No, there is no expiration on token redemption.
Q. Once a user has taken and passes the exam, is there an expiration on the certification?
A. No. However, information technologies in general, and cloud computing in particular, are rapidly progressing fields, and it is advisable to stay up-to-date with the most current version of the CCSK.
CSA CCSK v3 to v4 Changes
Q. Why has CSA decided to update the CCSK content, exam, and training?
A. CSA is committed to providing the best guidance possible to its members and the greater information security community. Since its inception, the CCSK has served as a benchmark for information security practitioners, IT users, and decision makers. It is meant to reflect the changing landscape in cloud computing security.
Typically, within our organization, major industry changes are first captured in the Cloud Security Guidance and then reflected in the CCSK. We released the Guidance v4 in July 2017, and consequently we are updating the CCSK training and certification exam.
Q. When will the CCSK v4 exam will be available?
A. The CCSK v4 exam will be available December 1, 2017.
Q. How long will the CCSK v4 certificate be valid?
A. Your CCSK v4 certificate will not expire. However, information technologies in general, and cloud computing in particular, are rapidly progressing fields, and it is advisable to stay up-to-date with the most current version of CCSK.
Q. What’s the difference between CCSK v3 and CCSK v4?
A. The CCSK Version 4 is a significant update, with approximately 85% new content. The lectures are aligned with CSA’s Security Guidance v4, and the labs for the CCSK Plus course have also been updated to reflect current real-world cloud security practices.
Q. I am already a CCSK certificate holder based on a previous version. Will I need to update to v4 in order to maintain my CCSK status?
A. A person who has successfully passed any version of the CCSK exam will continue to be considered a CCSK certificate holder. The actual digitized certificate that is awarded specifies the version of the exam that was completed. Because the CCSK v4 is considered to cover state-of-the-art knowledge, it is highly recommended that all existing CCSK v2 and v3 certificate holders begin planning to upgrade their skillsets and pass the CCSK v4 exam.
Q. I am already a CCSK certificate holder based on a previous version and I would like to update my certificate to v4. How can I do that?
A. CCSK certificate holders are eligible to receive a special CCSK upgrade token, which allows the holder two attempts to take the CCSK v4 exam. For individuals who passed an earlier version of the CCSK exam within 12 months prior to the release of CCSK v4 (i.e., between December 1, 2016 and December 1, 2017), the new token will be available at no cost. For individuals who achieved CCSK certification prior to December 1, 2016, you may purchase the CCSK upgrade token for a discounted rate of $75. To take advantage of this offer, login to the CCSK portal at ccsk.cloudsecurityalliance.org after CCSK v4 is released and either claim your free token or purchase the upgrade.
Q I have a CCSK v3 (or v2) certificate. Is there a way that I can obtain the material or training that covers only the new content in v4?
A. No. Given that each domain has undergone substantial revisions to address the current state of cloud security, an estimated 85% of the content is new. CSA therefore recommends that all students study the complete, updated body of knowledge.
Q. I have bought a CCSK token for CCSK v3, will it be suitable for taking the CCSK v4 exam?
A. Yes. Any student that has already purchased a CCSK v3 token and not used it, can instead take the CCSK v4 exam once it is available.
Q. I have already started studying for the CCSK exam based on the v3 material, will I still be able to take the CCSK test based on v3 of the exam after December 1, 2017?
A. Yes, the CCSK v3 exam will be available for an additional 12 months after the v4 launch, (i.e. until November 31, 2018).
CSA CCSK Training
Q. Does CSA provide training programs for CCSK test preparation?
A. Yes. CSA has developed a training program that provides hands-on experience in securing a cloud environment and that assists students in achieving CCSK certification:
CCSK Foundation - This course provides a solid foundation in cloud security fundamentals and covers all the material needed to pass the CCSK exam. The course is designed to appeal to a wide range of knowledge levels, but we highly recommend a solid security foundation. This training is a lecture-only, one-day course.
CCSK Plus - This course provides a solid foundation in cloud security and includes a full day of hands-on labs to apply the principles in practice. It incorporates new, expanded material for advanced students. The course covers all the material needed to pass the CCSK v4 exam while adding a pragmatic approach to immediately kickstart your cloud security projects. (**Note: All labs use Amazon Web Services, and students will need to have an AWS account and a laptop, instructions are sent before class). We do include demonstrations of some other major cloud platforms, such as Microsoft Azure, but all exercises are restricted to AWS.**
The course is designed to appeal to a wide range of skill levels, but we highly recommend a solid security foundation and, for the labs, experience making SSH connections. While most of the labs occur in a web browser, you will need to connect to Linux cloud servers and copy and paste a handful of command lines. This training mixes lecture and lab modules across two days.
Q. Are live, instructor-led trainings available, and if so, what is the cost?
A. Yes, CSA works with several training partners to provide live, instructor-led training, both in the classroom and remotely. These trainings happen in a variety of settings (i.e. standalone, at conferences, dedicated in-company training sessions, etc.).
For a more detailed overview of training dates and cost, please check here.
Q. Is there an option for an on-site training?
A. Yes, CSA organizes on-site training sessions in collaboration with our training partners.
Get Certified as a Trainer
Q. What is the process for becoming a CCSK v4 Trainer?
A. An individual who wants to a CCSK trainer should comply with the following requirements:
- Hold a CCSK certificate
- Attend the latest version of the CCSK PLUS training (v4)
- Complete the online Train the Trainer (TTT) course
- Pass an additional online exam for trainers
- Sign the CSA Training Partners Agreement
Q. I’m already a CCSK v3 Trainer. Are there additional steps I should take to prepare for v4 training?
A. Current CCSK v3 Trainers will be required to attend a CCSK v4 TTT integration class. Please contact CSA at [email protected] for additional details.