1) Q. What is the Certificate of Cloud Security Knowledge (CCSK)?

A. The CCSK is a web-based, multiple choice examination of individual competency in key cloud security issues. The test is a 50 question, timed multiple choice examination which must be completed within 60 minutes.

2) Q. When will the CCSK be publicly available?

A. The CCSK is now available online at https://ccsk.cloudsecurityalliance.org/ The test is available online on demand from any Internet-connected computer, it is not necessary to schedule your test.

3) Q. What is the cost of the CCSK?

A. The CCSK costs $295 USD. From our certification launch on September 1, 2010 through the end of 2010, we are offering the CCSK examination for $195 USD. There is no time expiration for the CCSK examination, you may purchase the test in 2010 and take it in 2011 if you desire.

4) Q. What is the body of knowledge covered by CCSK?

A. The body of knowledge that the first version of the CCSK examination covers is the CSA Guidance V2.1, English language version and ENISA’s report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.

CSA Guidance: https://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf

ENISA: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

CCSK Study Guide: https://cloudsecurityalliance.org/CCSK-prep.pdf

5) Q. Is the CCSK a viable substitute for other industry certifications?

A. The CCSK is NOT a substitute for other certifications in information security, audit and governance. Many certification programs help personal development within specific professional roles and job duties, and also provide vetting of individuals, which the CCSK does not do. The CCSK augments these other credentialing programs by encouraging an addition of competency in cloud computing security best practices, which we believe will help individuals better cope with the increasingly pervasive cloud computing issues they are now facing. The Cloud Security Alliance is a strong supporter of popular professional certification programs within our industry and looks forward to developing formalized relationships with these programs in the future.

6) Q. Are there any plans to “grandfather” individuals with other certifications into the CCSK program?

A. No. The CCSK is not a user accreditation, but a certificate of knowledge for a specific topic. Grandfathering would not serve the purpose of encouraging competency in cloud security best practices.

7) Q. Does the Cloud Security Alliance plan other certifications?

A. The CSA certification board is studying this issue with a plan to release our roadmap in Q4 2010. Our mission is to research and understand how cloud computing is impacting IT-related professions and to respond with certifications that address market gaps. Our intention is that the CCSK will provide foundational requirements for any future certifications that focus on specific professions, management or technical skills.

8) Q. Will my CCSK certification expire?

A. No. The CCSK does not expire, however it will be given a version number equating it to a specific body of knowledge. It is likely that updated exams will be required as the body of knowledge changes. In principle, we would provide free access to a new exam that was introduced within 12 months of a user obtaining certification based on the older exam and provide discounts for others exceeding 12 months. Specific policies related to this issue are being developed by our certification board as part of the Q4 roadmap and we welcome your feedback at [email protected].

9) Q. Will CSA provide training programs for CCSK test preparation?

A. The CSA will leverage our chapter organizations to provide training sessions for the CCSK. In conjunction with the CCSK launch, we will release a short document advising test takers as to how to read the source documents, to optimize their study time. Current chapters are listed here: https://cloudsecurityalliance.org/Chapters.html

In Q4 2010, CSA will be announcing 3rd party training affiliations and partnerships to provide a variety of educational programs related to our certification. In advance of this program, the CSA is very interested in working with any training providers who want to work with us on mutually beneficial programs to educate professionals on cloud security issues and best practices. If interested, please contact us at [email protected].

10) Q. Can I receive CPE credits for the CCSK that can be applied to other certifications I hold?

A. In conjunction with our September 1 launch we are working to provide information on CPE credits for the CCSK and how this information can be transmitted to the relevant bodies.

11) Q. Who is on the CSA Certification Board?

A. Our board is a diverse group of cloud security experts from around the world, listed here: https://cloudsecurityalliance.org/ccsk_certification_board.html

12) Q. Does the CCSK have industry support?

A. The CCSK is strongly supported by a broad coalition of experts and organizations from around the world. The collaboration with ENISA means that the world’s two leading organizations for vendor neutral cloud security research are providing the foundation for the industry’s first cloud security certification. CSA’s breadth of industry participation and strategic alliances are being leveraged to communicate the need and value of this certification to employers within cloud providers, cloud consumers, consultants and variety of other stakeholders.

More questions you would like to see answered? Please direct them to [email protected].