CCSP-isc2

CCSP , joint project from CSA and ISC2

(All comments and blog posts are personal opinions. Not related to any organisation.)

I like to share an exciting news about Certified Cloud Security Professional (CCSP℠). This week I received an email from ISC2 on awarding me CCSP designation. The blue color of CCSP (Certified Cloud Security Professional) Logo from ISC2 resembles the sky in a sunny day. Same as the sky here in Singapore.

Risks of running application and services on the cloud has been an impediment  and people (journalist in particular) tends to see the cloudy side! I involved in many discussions on cloud security in my volunteer works in CSA Hong Kong & Macau Chapter. Some of the concerns are valid , in particular the lack of experienced professionals and knowledge framework.

CCSP with the support from CSA and ISC2 is the answer to these concerns. In 2013, visionaries (like Aloysius Cheang from CSA APAC and Hord Tipton from ISC2 ) in both organisations joined together in response to market needs. In the past two years, A few other volunteers from CSA and I worked with ISC2 and their consultant Pearson VUE to develop CCSP CBK and examination questions. It was a rewarding experiences.

The process administrated is very structured and all rounded, with concept mapping, team discussions and psychometric analysis. As a security professional, I am thinking maybe system development life cycle (SDLC) should also make use of similar validation process to ensure each feature implemented is user facing and also balanced!

Developing Cloud Security certification is a challenge due to its extensive scope. The final CBK covers six domains:

  • Architectural Concepts & Design Requirements
  • Cloud Data Security
  • Cloud Platform & Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal & Compliance

Very few people acquired working experiences in all six domains. However, learning cloud technology knowledge and applying security principles in a virtualised environment are both achievable via CCSP CBK. Studying CCSP domains and passing the exam will help security professional to gain knowledge in a structure way, thus able to demonstrate their security skills are not outdated.

This entry was posted in Information security strategy, Security Certification and tagged , , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup www.powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s