getting your it security learners ready for the cloud with ccsk certification

Copyright © 2014 ITpreneurs. All rights reserved.

Getting Your IT

Security Learners

Ready for the Cloud

with CCSK

Certification


Accelerate Your

IT Training BusinessWelcome by Deborah Burton

Channel Marketing Manager, ITpreneurs


Low Barrier & High Impact: How ITpreneurs can boost your Top- & Bottom-line

Access a Comprehensive Library

Save content costs by up to 80%

● No Content Development Costs

● No Content Maintenance Costs

● Pay-per-use: Use more, pay less!

● 1000+ Titles

● Across most IT Domains

● 12 Languages

● Some unique Titles

Enjoy Convenience

● Anytime, Anywhere ordering

● Marketing Support

● Exam Services

● Accreditation

● Trainer Services

Stay on the Cutting-Edge

● First to Market

● Consistent Quality

● Various Delivery Formats

● Always Up-to-Date

● Sales & Marketing Enablement

Increase Revenues Save Costs


Getting Your IT Security

Learners Ready for the

Cloud with CCSK

Certification


Moderator:

May SauProducts & Solutions Marketing, ITpreneurs

Presenter:

Dr. Peter HJ van EijkCloud Security Expert

Today’s Speakers


• One of the world’s most experienced independent cloud

trainer; Delivered worldwide to 100s of students

• Certified trainer for CSA “Certificate of Cloud Security

Knowledge” (CCSK)

• Author of “Cloud Business Essentials”

• Author and Master trainer for “CompTIA Cloud

Essentials”

• Master Trainer for “Virtualization Essentials”

• Worked at (a.o.) Deloitte Consulting, EDS and University

of Twente

• Board member Dutch CSA Chapter

About Peter van Eijk

Copyright © 2014 ITpreneurs. All rights reserved.*

Agenda

● About CCSK: Certificate of Cloud Security Knowledge

● Business Needs

● Go-To-Market Strategy

● Get Started

● Questions & Answers


About CCSK


The CCSK is an examination testing for a broad foundation

of knowledge about cloud security, with topics ranging from

architecture, governance, compliance, operations,

encryption, virtualization and much more.

The body of knowledge was developed by the Cloud

Security Alliance and the European Network and Information

Security Agency (ENISA), and first released in 2010

• CSA: “Security Guidance for Critical Areas of Focus in Cloud Computing

V3.0” is the most important document CSA has produced.

• ENISA: “Cloud Computing, Benefits, risks and recommendations for

information security.

CCSK: Certificate of Cloud Security Knowledge


CCSK is the basis for many consumer/vendor

discussions around risk and assurance, and starts to

become required in certain segments

CIO.com listed CCSK as #1 on the list of Top Ten

Cloud Computing Certifications

(http://www.cio.com/slideshow/detail/129043#slide2)

Market Acceptance

http://www.cio.com/slideshow/detail/129043


Honestly, we don’t know exactly...

● Thousands of CCSK exams have been done already

● Almost every enterprise that uses IT will use cloud, for 30 percent security is

their top worry.

● Anecdotal evidence suggests that people who self study have 50% pass

rate, people who follow training have >90% pass rate

● CCSK adoption is growing double digit

● Course requests are upgrading from single seats to whole teams

Size of the Market


Even though cloud computing is a form of outsourcing, its characteristics have a

new and very important impact on the security posture and the management of

risks.

• It is not totally them or us

• Shared resources

• Ubiquitous access

• … and more

Each of these has a substantial and new impact on IT security and risk

management

History of CCSK – Cloud Characteristics


The Cloud Security Alliance (CSA) (founded in 2008) is a not-for-profit

organization with a mission to promote the use of best practices for providing

security assurance within Cloud Computing, and to provide education on the

uses of Cloud Computing to help secure all other forms of computing.

It is led by a broad coalition of industry practitioners, corporations, associations

and other key stakeholders.

Membership is free for professionals. 50K+ members

The CSA leads volunteer efforts to produce best practices documents.

Developed by the Leading

Industry Coalition


The Cloud Controls Matrix is a security and compliance control framework

● Cloud specific, cross-references multiple frameworks, including PCI-DSS,

ISO 27001, HIPAA.

● Controls match “Guidance” recommendations closely: CCSK is pretty

relevant

● Basis for STAR certification

● Starts to become a recognized tool for consumer vendor dialogue.

Relation with CCM


● To understand and discuss cloud: The body of knowledge facilitates

discussion around cloud computing risks and benefits

● To talk to providers: The CCM is gaining traction in organizing

consumer/provider discussions.

● To assess providers

● To organize compliance

● To demonstrate evidence of control.

Why Do Organizations Use CCSK?


Business Needs


Cloud adoption is unavoidable: the majority of companies is using cloud, and the number of applications is growing rapidly.

Security is listed as the number 1 obstacle to cloud adoption, and for good reason

Organizations struggle to structure the discussion around cloud benefits versus risks, caused by lack of understanding of basic cloud concepts

Business Drivers


1. Cloud is entering the organization from all sides

2. Board level request for a ‘cloud strategy’

3. Need to better understand how to control outsourcing in general

4. Need professional education points (PDU, CPE, etc) Essential in

being able to audit cloud services

5. Want to establish a credible cloud offering

The Need For CCSK


Go-To-Market

Strategies


Cloud Computing is a disruptive innovation in IT, on the same level as the

introduction of the PC and the Internet.

Cloud Computing affects most aspects of IT. If you offer any IT training, CCSK

will be a good addition to your portfolio. In particular if you offer IT training on:

• Risk Management and IT Audit (e.g. ISO 27001, CRISC)

• Service Management and Operations (ITIL)

• Architecture (TOGAF)

• Strategy (COBIT)

• IT Security (CISSP, CISM)

Your Opportunity


How is cloud computing affecting your

• IT Strategy

• Service Management

• IT Architecture

• IT Security

• Compliance and Audit?

You can find lots of white papers on the Cloud Security Alliance website

They all point to the need for better understanding of cloud security

Questions to Ask Your Customers:


Regional Hot Spots

CCSK appears to be fairly strong in

North-America (the exam is also

available in Spanish)

Europe (UK, Ireland, Germany,

Netherlands, Italy), Middle East

(Dubai, Oman), South-East Asia

(Kuala Lumpur, Singapore, and

Manila)

Japan seems to be

behind


Positioning CCSK: Certification Pathp

rofe

ssio

na

l ca

pa

city

career

Cloud

Essentials

Virtualization

Essentials

CCSK

CCC

Professional

Cloud

Security

Manager

Attendants with ISO 27001,

CISSP, CISM and CRISC report

that CCSK adds to their security

knowledge.


● GITEX - model of open training

● Large bank (IT risk management)

● Software Company becoming a cloud provider

● Government agency setting up a G-Cloud

Case Studies

Copyright © 2014 ITpreneurs. All rights reserved.*

• Medium to large organizationso IT staff

o Audit

• Service providerso Sales staff

o Leadership

o Solution consultants

• Auditors and consultants

Target Audience for CCSK Training?


Get Started


CCSK Classroom

The preferred option is a 3-day classroom delivery. This

includes practical work on cloud infrastructures that is

also doable for non technical attendants. Exam token is a

mandatory price component.

eLearning is not available at this time.

CSA lists both CCSK Foundation (1 day) and CCSK Plus (2 days) as options. However:

• Assumes high level of technical and security competence of attendants

• Does not leave room for discussing any attendant’s situation

• CCSK Foundation has no room for labs or demonstration


In-company groups

• Additional benefit is that a diverse cross company group

can be aligned on cloud understanding

• Logistically easier to arrange (venue, trainer)

Open classes

• Will only work if you have large relevant targeted mailing

lists, or can combine the training with a conference

Sales Opportunities


Contents of CCSK

● The body of knowledge is divided in 15 domains

● The exam has questions for each domain

● The domains overlap and cross reference at various points, and a significant portion is managerial

rather than technical

CCSK Exam

The CCSK examination is a timed, multiple choice examination you take online. The examination

consists of 60 multiple choice questions selected randomly from our question pool, and must be

completed within 90 minutes. A participant must correctly answer 80% of the questions to receive a

passing score. Because the exam is online, it is open book.

Participants get two tries

Course Details


How You Can Get Started - 1/2

Classroom Courseware Instructors

Train your own instructor,

or leverage an ITpreneurs

instructor to teach

Exams

We’ll help you book

and deliver all exams -

online or paper based. 1/2


How You Can Get Started - 2/2

Visit the ITpreneurs.com Website

Review the Product of Interest

Get in touch either through the Contact

Form, send us an email, or call!

2/2


Q&A


P: +31 107.110.260

E: [email protected]

Contact Us

May Sau

Products & Solutions Marketing

ITpreneurs | Rotterdam | The Netherlands

mailto:[email protected]

getting your it security learners ready for the cloud with ccsk certification

Technology

cloud security alliance

security guidance

percent security

itpreneurs presenter

cloud computing v3

security learners ready

ccsk certificationcopyright

agendaabout ccsk