CCSK FAQ Arrow to Content

1) Q. What is the Certificate of Cloud Security Knowledge (CCSK)?

A. The CCSK is a web-based examination of individual competency in key cloud security issues.

2) Q. What is the latest version of the CCSK examination?

A. The current version of the CCSK test is version 3. The older version 2.1 of the examination is available
until December 31, 2013. However, it is highly recommended that students take the version 3
examination, unless you have studied exclusively for version 2.1.

3) Q. What is the cost of the CCSK?

A. The CCSK costs $345 USD, effective May 1, 2013. Prior to then, you may purchase the CCSK
examination for $295 USD.

4) Q. How do I prepare for the CCSK examination?

A. CSA has developed a preparation guide for the CCSK examination. The CSA prep guide covers the key
learning objectives of each domain and is available here:
https://cloudsecurityalliance.org/wp-content/uploads/2013/02/CCSK-Prep-Guide-V3.pdf

You may also be interested in the benefits of instructor-led training available here:
https://cloudsecurityalliance.org/education/training/

5) Q. How do I take the CCSK examination?

The CCSK test is available online 24 hours a day, 7 days a week at https://ccsk.cloudsecurityalliance.org/. You can also register and pay for the exam online at the aforementioned site (https://ccsk.cloudsecurityalliance.org/). Once you have started an attempt to take the exam it is not possible to pause or stop the examination and finish it at a later date. Therefore, the participant should be properly prepared to take the test before starting, and while you can choose to take the test any time of the day or night, one should budget for 90 minutes of uninterrupted time once you make the commitment to start the test. During the test you can review and change answers, however once you have submitted the test for grading or the time expires you can no longer add or change answers.

If you have any problems with the test itself, or other extenuating circumstances such as network
outages that inhibit your ability to complete the test, please contact CCSK Test Support at [email protected]

6) Q. I have achieved the CCSK version 2.1, do I need to take the CCSK version 3 test?

A. No, CSA is developing an online update module for holders of the CCSK version 2.1. This update
module will be offered free of charge in Q2 2013.

7) Q. What is the body of knowledge covered by CCSK?

A. The body of knowledge for the CCSK examination is the CSA Security Guidance for Critical Areas of
Focus in Cloud Computing V3, English language version, and the ENISA report “Cloud Computing:
Benefits, Risks and Recommendations for Information Security”. These research documents can be
downloaded here:

CSA Guidance: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

ENISA: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

92% of the questions are based on the CSA Guidance and 8% of the questions are based on the ENISA
report. The very best way to prepare for the CCSK examination is to thoroughly read and understand
these two documents.

8) Q. Is the CCSK a viable substitute for other industry certifications?

A. The CCSK is NOT a substitute for other certifications in information security, audit and governance.
Many certification programs help personal development within specific professional roles and job duties, and also provide vetting of individuals, which the CCSK does not do. The CCSK augments these other credentialing programs by encouraging an addition of competency in cloud computing security best practices, which we believe will help individuals better cope with the increasingly pervasive cloud computing issues they are now facing. The Cloud Security Alliance is a strong supporter of popular professional certification programs within our industry and looks forward to developing formalized relationships with these programs in the future.

8) Q. Are there any plans to “grandfather” individuals with other certifications into the CCSK program?

A. No. The CCSK is not a user accreditation, but a certificate of knowledge for a specific topic. Grandfathering would not serve the purpose of encouraging competency in cloud security best practices.

9) Q. Does the Cloud Security Alliance plan other certifications?

A. CSA is developing new complementary education and certification programs in conjunction with
industry partners and higher education. We are developing educational programs in the areas of
security architecture, audit & assurance and software development.

10) Q. Does the CSA provide training programs for CCSK test preparation?

A. CSA has developed a training program to assist students in achieving their CCSK as well as to provide
hands on experience in securing a cloud environment:

Cloud Computing Security Knowledge- Basic
The Cloud Computing Security Knowledge- Basic class provides students a comprehensive
one day review of cloud security fundamentals and prepares them to take the Cloud
Security Alliance CCSK certification exam. Starting with a detailed description of cloud
computing, the course covers all major domains in the latest Guidance document from the
Cloud Security Alliance, and the recommendations from the European Network and
Information Security Agency (ENISA).

This class is geared towards security professionals, but is also useful for anyone looking to
expand their knowledge of cloud security. (We recommend attendees have at least a basic
understanding of security fundamentals, such as firewalls, secure development, encryption,
and identity management

Cloud Computing Security Knowledge- Plus
The CCSK- Plus class builds upon the CCSK Basic class with expanded material and extensive
hands-on activities with a second day of training. Students will learn to apply their
knowledge as they perform a series of exercises as they complete a scenario bringing a
fictional organization securely into the cloud.

This second day of training includes additional lecture, although student’s will spend most of
their time assessing, building, and securing a cloud infrastructure during the exercises.
More information on class schedules and training partners is available here:
https://cloudsecurityalliance.org/education/training/

11) Q. Can I receive CPE credits for the CCSK that can be applied to other certifications I hold?

A. Yes, other certifying bodies will provide CPE credits for the 1 hr to take the CCSK test and the other hours required to study for the test.

12) Q. Who is on the CSA Certification Board?

A. Our board is a diverse group of cloud security experts from around the world, listed here: https://cloudsecurityalliance.org/education/certificate-of-cloud-security-knowledge/ccsk-certification-board/

13) Q. Does the CCSK have industry support?

A. The CCSK is strongly supported by a broad coalition of experts and organizations from around the world. The collaboration with ENISA means that the world’s two leading organizations for vendor neutral cloud security research are providing the foundation for the industry’s first cloud security certification. CSA’s breadth of industry participation and strategic alliances are being leveraged to communicate the need and value of this certification to employers within cloud providers, cloud consumers, consultants and variety of other stakeholders.

14) Q. What are the CCSK Key Examination Concepts?

A. Please review the CCSK Preparation Guide to understand the key concepts for a successful examination:

CCSK Preparation Guide Download

Are there more questions you would like to see answered? Please direct them to [email protected].

Page Dividing Line