ISC2 launches security cert training for cloud-defending cherubs
'Making a bible of cloud knowledge'
ISC2 has announced the dates of its training courses for its new cloud security certification, created alongside Cloud Security Alliance (CSA), beginning with exam availability in PearsonVUE testing centres from 21 July.
The pitch for the ISC2- and CSA-developed Certified Cloud Security Professional (CCSP) certification describes it as meeting "a critical market need to ensure that cloud security professionals have the required knowledge, skills and abilities to audit, assess and secure cloud infrastructures".
ISC2, or the International Information Systems Security Certification Consortium, is a non-profit organisation which specialises in information security education and certifications.
ISC2 notes that offering market reassurance is a pressing need in the light of over two-thirds (68 per cent) of the telecoms industry listing cloud services as a top security threat, while 55 per cent in the banking sector, 50 per cent in government, 40 per cent in defence and 60 per cent in utilities said the same, according to their recent study.
James Rees, managing director at consultants Razor Thorn, told The Register that "to date there is a serious lack of information security in the cloud computing industry and maybe CCSP is a good first step to begin to address the situation."
He added, however, that "those security professionals with long established careers are unlikely to require or find much value with this new certification; any IS professional with technical skills would have lived and breathed security for more than a few years and followed the development of cloud computing with keen interest."
Talking to The Register, Dr Adrian Davis, managing director for EMEA at ISC2 explained that what it intends to create is a "gold standard for individuals".
To receive the CCSP post-nominal, candidates for the certification will have a minimum of five years of experience in IT, of which three will have been spent in infosec and one in cloud computing.
"This is not just about going on an exam for three days," said Davis, who explained that the CBK was created alongside experts from without the ISC2. "We're making a bible of cloud knowledge," he added.
"The training isn't there for you to pass the exam, we don't teach the exam, we expect candidates to understand the breadth of the field. We teach the body of knowledge," added Davis.
Frank Jennings, a lawyer specialising in cloud and technology, wrote on the pressing need, and counter-productive proliferation, of cloud standards for The Channel.
The usual "flashpoints in any cloud contract are: the choice of law, data control, service availability & resilience, liabilities & indemnities, termination by the cloud service provider, deletion of data and service transfer", he wrote.
Jennings also noted that customers "want to know not only that their data is secure but they also want to know where it is. This dual concern over data security and data residency leads to confusion over whether data can move into the cloud at all".
"In short, EU data protection law allows for the transfer of data provided it is kept secure. So, while it is legitimate to know where the data is and to exercise control over that, the key is to ensure the data is secure, wherever it is held," he added.
The exam for the certification will be available at PearsonVUE testing centres beginning 21 July, and the first training sessions will be delivered in EMEA as follows in live online sessions, from 14 July to 3 September, along with bootcamps in the UK on 7 September and 23 November. ®