New professional certification for cloud security

(ISC)2 and the Cloud Security Alliance (CSA) have signed an agreement to collaborate on a new professional certification for information security.

The combined initiative will address a concern over the security of modern business systems by establishing a global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems.

The new credential will build on existing certifications offered by both organizations, including (ISC)2’s Certified Information Systems Security Professional (CISSP) and CSA’s Certificate of Cloud Security Knowledge (CCSK), by examining the depth of technical knowledge required in architecting business systems, based on cloud computing.

“As organizations continue to adopt cloud computing at a rapid pace, there is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses,” says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director for (ISC)2. “Our combined effort ensures the world’s knowledge leaders are put to the task.”

“(ISC)2 and CSA have each recognized that the global economy’s reliance on cloud services has advanced extremely quickly. Businesses are moving vast amounts of data into the cloud, and consumers are gobbling up new, usually mobile services that emerge on a daily basis. It is incumbent upon us to make our collective experience as accessible as possible, and the further development of professional-level recognition is key to achieving this,” says Jim Reavis, co-founder and executive director of the Cloud Security Alliance.

The (ISC)2 2013 Global Information Security Workforce Study (GISWS) confirmed cloud computing as the number one area of demand for training, identified by nearly 60 percent of the study’s more than 12,000 respondents.

The study, which has tracked the impact of cloud computing on the information security profession since 2010, also confirms that business are embracing the cloud, with virtually all respondents saying they work in companies with some level of cloud computing, and most (61 percent) identifying public cloud services, including software or infrastructure as a service or a hybrid cloud environment. This is despite nearly three quarters also confirming the need for new skills, particularly for deep technical knowledge and guidance on how security applies to the cloud.

“The Information security community remains concerned about the proliferation of cloud computing because it is making its way into the mainstream without the associated risks being well understood. Establishing professional norms will ensure the required knowledge and decision-making skills are proliferated,” says John Colley, CISSP, managing director EMEA, (ISC)2.

The initiative pools significant expertise from both organisations, including the CSA’s body of research, developed by subject matter experts, and its contributions toward the development of an ISO standard; and (ISC)2’s member-driven job task analysis methodology for the development and management of the world’s leading information and software security professional credentials.

Under the collaboration, (ISC)2 will lead subject matter experts drawn from the memberships of both organisations through the job task analysis process to develop a focused common body of knowledge reflecting areas of required expertise and the technology-agnostic approach to defining domains of practice that serve as the foundation of all (ISC)2 certifications. The work will also determine a globally accepted benchmark for the level of experience required to denote competency in the field of practice covered by the common body of knowledge.

The new credential and first examinations are due to be available in 2014.