The IT Certification Resource Center


Find Your Footing in Cloud Security with CCSK

Candidates will also find that the two programs differ significantly in their ongoing maintenance requirements. The CCSK actually has no ongoing requirements. Once you pass the CCSK exam, you’re certified and you don’t need to do anything to maintain your certification on an ongoing basis.


The CCSP implements a continuing education program very similar to the program that (ISC)² uses for its flagship Certified Information Systems Security Professional (CISSP) program. CCSP certification holders must pay a $100 annual maintenance fee and must complete 30 hours of continuing professional education on an annual basis.


What’s Covered on the CCSK?


The CCSK covers a wide variety of cloud computing topics, and you should expect to see questions that quiz your knowledge of those topics. Unlike many certification programs, the CCSK is solely based upon two reference documents cited by the CSA: the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing v3.0 and the European Network and Information Security Agency (ENISA)’s Cloud Computing: Benefits, Risks, and Recommendations for Information Security.


Both of these documents are available for free from their publishers, making it rather straightforward to obtain reference materials and study for the exam. In fact, there’s no need to purchase a study guide or take a course. You can download the materials and prepare fully for the exam with just a few weeks’ effort.


The CSA security guidance document comprises the vast majority of the material on the exam and does cover a wide range of cloud security knowledge. You’ll find that the document divides cloud security issues into 14 distinct domains, each covered by 10 or 20 pages in the guidance document. The 14 CCSK domains are as follows:


1) Architecture
2) Governance and Enterprise Risk Management
3) Legal Issues: Contracts and Electronic Discovery
4) Compliance and Audit Management
5) Information Management and Data Security
6) Interoperability and Portability
7) Traditional Security, Business Continuity, and Disaster Recovery
8) Data Center Operations
9) Incident Response
10) Application Security
11) Encryption and Key Management
12) Identity, Entitlement and Access Management
13) Virtualization
14) Security as a Service


The ENISA document has some overlap with the CSA document in its coverage of cloud security basics, but it adds a strong focus on risk assessment, including a detailed exploration of many of the risks and vulnerabilities associated with doing business in the cloud. The major topics covered by ENISA’s cloud risk assessment include:


● Security benefits of cloud computing
● Risk assessment
● Risk types and categories (policy and organizational risks, technical risks, legal risks, and risks not specific to the cloud)
● Vulnerabilities
● Assets
● Information assurance framework
● Information assurance requirements
● Research recommendations


Together, these two documents comprise the entire body of knowledge for the CCSK certification. Remember: The CCSK is a knowledge-based certification and not an experience-based certification. If you read and understand the information contained within these documents, then you will have all of the information that you need to pass the CCSK exam.


One other word of wisdom — the exam is heavily skewed toward the CSA security guidance document. In fact, 92 percent of the exam questions are drawn from that document, while only 8 percent come from the ENISA document. You should prioritize your study time accordingly!


Technology professionals seeking to broaden their understanding of cloud security should consider CCSK a reliable introductory certification. There is a straightforward study process, and the exam itself affords a high degree of convenience and accessibility. Those seeking a more rigorous credential should consider focusing instead on the more advanced CCSP certification program.



Mike Chapple is Senior Director for IT Service Delivery at the University of Notre Dame. Mike is CISSP certified and holds bachelor’s and doctoral degrees in computer science and engineering from Notre Dame, with a master’s degree in computer science from the University of Idaho and an MBA from Auburn University.