Cloud Security Alliance > Education > Certificate of Cloud Security Knowledge

Certificate of Cloud Security Knowledge

What the Industry Says

"With data being the new currency, the control of trust in the cloud is ever more significant. The CSA updated Certificate of Cloud Security Knowledge (CCSK) brings practical guidance to security professionals deploying workloads in the cloud. It delivers the necessary controls that enable security professionals to deploy cloud applications with security and trust mind."

~ Gavin Hill, Director, Product Marketing, Venafi

“Having dealt with security since the creation of our Group 60 years ago, at Kudelski Security we are thrilled to leverage CSA’s Cloud Security Knowledge certification to bring our Cyber Security Division’s engineering experts to a common level of understanding of best practices and benefits of cloud computing. When training clients in corporate and public segments on information security standards, we highlight the importance of CSA’s CCSK certification for IT professionals who need to ensure adoption of secure cloud environment in their organizations.”

~ Joel Conus, VP Cyber Security Operations, Kudelski Security

“The CSA Certificate of Cloud Security Knowledge (CCSK) will provide a consistent way of developing cloud security competency and provide both organizations and agencies the confidence they need to adopt secure cloud solutions.”

~ Melvin Greer, Chief Strategist, Cloud Computing, Lockheed Martin

“The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud.”

~ Jerry Archer, CSO, Sallie Mae

“The Certificate of Cloud Security Knowledge provides individuals with a solid foundation in cloud security issues and best practices. Organizations that leverage this training will be better positioned to get the most out of their investments in cloud computing. In addition, the certification can be a large help with recruitment efforts as organizations can easily qualify the experience of an individual in cloud security if they have earned the CCSK certificate.”

~ Gary Phillips, senior director, technology assurance and standards research, Symantec Corp

"As the concept of cloud computing continues to evolve it's important that professionals responsible for managing and maintaining cloud environments keep current with the latest information. The Cloud Security Alliance continues to expand and capture more aspects of cloud computing with new areas of focus and guidance's while expand and adapting existing guidance's to the changing landscape. Continued updates to the CCSK certification is an important part of the rapidly evolving nature of cloud computing and a great measure of individuals commitments to understanding this evolving landscape."

~ David Lingenfelter, Information Security Officer, MaaS360 by Fiberlink

“With CCSK certification, professionals who have Cloud Computing responsibilities can demonstrate thorough Cloud security knowledge based on the CSA’s catalogue of security best practices.”

~ Patrick Harding, CTO, Ping Identity

"Despite the clear agility and cost saving benefits, there are factors which are holding back Cloud usage. These include a deficit of trust and reliability. Enterprises simply do not trust third-parties to protect their sensitive data and connections to Cloud services may be subject to delays and outages. With the new CCSK certification program, the CSA is continuing to provide the industry's most comprehensive, prescriptive guidelines for baking trust and reliability-oriented security best-practices into new cloud initiatives."

~ Mark O'Neill, CTO, Vordel

"As enterprises move toward cloud computing, they are desperately seeking guidance and education in this new domain. CSA is bridging this gap and the CCSK provides an important first step in establishing baseline knowledge for individuals tasked with building and managing applications to the cloud."

~ Michael Sutton, VP, Security Research, Zscaler

"CCSK is a much needed next step in the evolution of secure cloud computing because its guidelines are focused on tangible steps that can be taken to assure organizations to take advantage of the benefits of cloud computing in a secure and compliant manner."

~ Dipto Chakravarty, general manager of Cloud Security Services and vice president of engineering for Identity & Security, Novell

CCSK Information

CCSK V3 TEST ONLINE HERE!

CCSK - (SPANISH) - TEST ONLINE HERE!

Certificate of Cloud Security Knowledge (CCSK) Training Courses

CCSK V3 English Availability

CCSK Preparation Guide

CCSK Frequently Asked Questions (FAQ)

Certification Board

Meet the CCSK Early Adopters

CCSK V2.1 Prep Guide (Deprecated)

CCSK V2.1 FAQ (Deprecated)

CCSK Guidance V3

Click each domain to view a question from the V3 examination

Cloud Architecture

What are the five essential characteristics of cloud computing?

Governance and Enterprise Risk

The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

Legal and Electronic Discovery

In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?

Compliance and Audit

What is the most important reason for knowing where the cloud service provider will host the data?

Information Lifecycle Management

What are the six phases of the data security lifecycle?

Portability and Interoperability

Why is the size of data sets a consideration in portability between cloud service providers?

Traditional Security, BCM, D/R

What are the four D's of perimeter security?

Data Center Operations

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

Incident Response

What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?

Application Security

How should an SDLC be modified to address application security in a Cloud Computing environment?

Encryption and Key Management

What is the most significant reason that customers are advised to maintain in-house key management?

Identity and Access Management

What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?

Virtualization

Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?

Security-as-a-Service

When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

ENISA Document

Economic Denial of Service (EDOS), refers to...

Security, Trust

& Assurance Registry

STAR is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.

STAR Information
STAR Registry Entries
STAR Submission Form

Welcome New Members

The CSA is a member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. We would like to welcome our newest members:

CradlePoint
Adallom
Elastica
Cornerstone OnDemand
SoftLayer

View all Members

Translate CSA

Get Involved

Learn how you can participate in Cloud Security Alliance's goals to promote the use of best practices for providing security assurance within Cloud Computing.

Upcoming Events

1-2 April 2014

SecureCloud 2014

SecureCloud 2014 is an opportunity for government experts, industry experts and corporate decision makers to discuss and exchange ideas about how to shape the future of cloud computing security. Register Now!

April 08-10, 2014

IFINTEC Finance Technologies Conference and Exhibition

IFINTEC Finance Technologies Conference and Exhibition is a dedicated conference focusing on technology solutions developed for finance world. Learn More

April 21-22, 2014

Governance, Technology Audit, Control and Security Conference (GTACS) Conference 2014

>GTACS 2014 will be held from the 21 to 22 April 2014 at the Marina Bay Sands Expo & Convention Centre (Singapore), with the post-conference workshops following on the 23 to 24 April 2014. Learn More

September 16-19, 2014

CSA Congress 2014 & IAPP Privacy Academy 2014

By bringing together the IAPP’s Privacy Academy and the CSA Congress this fall we've broadened the educational and networking opportunities available for both IAPP and CSA members. Learn More

View all Upcoming Events

Cloud Security Readiness Tool

Take a short survey that assesses your current IT environment with regard to systems, processes, and productivity. The survey information creates a custom non-commercial report that provides recommendations on your IT state and helps you evaluate the benefits of cloud computing.

Get Started Now