Upload
itpreneurs
View
126
Download
0
Tags:
Embed Size (px)
Citation preview
Copyright © 2014 ITpreneurs. All rights reserved.
Getting Your IT
Security Learners
Ready for the Cloud
with CCSK
Certification
Copyright © 2014 ITpreneurs. All rights reserved.
Accelerate Your
IT Training BusinessWelcome by Deborah Burton
Channel Marketing Manager, ITpreneurs
Copyright © 2014 ITpreneurs. All rights reserved.
Low Barrier & High Impact: How ITpreneurs can boost your Top- & Bottom-line
Access a Comprehensive Library
Save content costs by up to 80%
● No Content Development Costs
● No Content Maintenance Costs
● Pay-per-use: Use more, pay less!
● 1000+ Titles
● Across most IT Domains
● 12 Languages
● Some unique Titles
Enjoy Convenience
● Anytime, Anywhere ordering
● Marketing Support
● Exam Services
● Accreditation
● Trainer Services
Stay on the Cutting-Edge
● First to Market
● Consistent Quality
● Various Delivery Formats
● Always Up-to-Date
● Sales & Marketing Enablement
Increase Revenues Save Costs
Copyright © 2014 ITpreneurs. All rights reserved.
Getting Your IT Security
Learners Ready for the
Cloud with CCSK
Certification
Copyright © 2014 ITpreneurs. All rights reserved.
Moderator:
May SauProducts & Solutions Marketing, ITpreneurs
Presenter:
Dr. Peter HJ van EijkCloud Security Expert
Today’s Speakers
Copyright © 2014 ITpreneurs. All rights reserved.
• One of the world’s most experienced independent cloud
trainer; Delivered worldwide to 100s of students
• Certified trainer for CSA “Certificate of Cloud Security
Knowledge” (CCSK)
• Author of “Cloud Business Essentials”
• Author and Master trainer for “CompTIA Cloud
Essentials”
• Master Trainer for “Virtualization Essentials”
• Worked at (a.o.) Deloitte Consulting, EDS and University
of Twente
• Board member Dutch CSA Chapter
About Peter van Eijk
Copyright © 2014 ITpreneurs. All rights reserved.*
Agenda
● About CCSK: Certificate of Cloud Security Knowledge
● Business Needs
● Go-To-Market Strategy
● Get Started
● Questions & Answers
Copyright © 2014 ITpreneurs. All rights reserved.
The CCSK is an examination testing for a broad foundation
of knowledge about cloud security, with topics ranging from
architecture, governance, compliance, operations,
encryption, virtualization and much more.
The body of knowledge was developed by the Cloud
Security Alliance and the European Network and Information
Security Agency (ENISA), and first released in 2010
• CSA: “Security Guidance for Critical Areas of Focus in Cloud Computing
V3.0” is the most important document CSA has produced.
• ENISA: “Cloud Computing, Benefits, risks and recommendations for
information security.
CCSK: Certificate of Cloud Security Knowledge
Copyright © 2014 ITpreneurs. All rights reserved.
CCSK is the basis for many consumer/vendor
discussions around risk and assurance, and starts to
become required in certain segments
CIO.com listed CCSK as #1 on the list of Top Ten
Cloud Computing Certifications
(http://www.cio.com/slideshow/detail/129043#slide2)
Market Acceptance
Copyright © 2014 ITpreneurs. All rights reserved.
Honestly, we don’t know exactly...
● Thousands of CCSK exams have been done already
● Almost every enterprise that uses IT will use cloud, for 30 percent security is
their top worry.
● Anecdotal evidence suggests that people who self study have 50% pass
rate, people who follow training have >90% pass rate
● CCSK adoption is growing double digit
● Course requests are upgrading from single seats to whole teams
Size of the Market
Copyright © 2014 ITpreneurs. All rights reserved.
Even though cloud computing is a form of outsourcing, its characteristics have a
new and very important impact on the security posture and the management of
risks.
• It is not totally them or us
• Shared resources
• Ubiquitous access
• … and more
Each of these has a substantial and new impact on IT security and risk
management
History of CCSK – Cloud Characteristics
Copyright © 2014 ITpreneurs. All rights reserved.
The Cloud Security Alliance (CSA) (founded in 2008) is a not-for-profit
organization with a mission to promote the use of best practices for providing
security assurance within Cloud Computing, and to provide education on the
uses of Cloud Computing to help secure all other forms of computing.
It is led by a broad coalition of industry practitioners, corporations, associations
and other key stakeholders.
Membership is free for professionals. 50K+ members
The CSA leads volunteer efforts to produce best practices documents.
Developed by the Leading
Industry Coalition
Copyright © 2014 ITpreneurs. All rights reserved.
The Cloud Controls Matrix is a security and compliance control framework
● Cloud specific, cross-references multiple frameworks, including PCI-DSS,
ISO 27001, HIPAA.
● Controls match “Guidance” recommendations closely: CCSK is pretty
relevant
● Basis for STAR certification
● Starts to become a recognized tool for consumer vendor dialogue.
Relation with CCM
Copyright © 2014 ITpreneurs. All rights reserved.
● To understand and discuss cloud: The body of knowledge facilitates
discussion around cloud computing risks and benefits
● To talk to providers: The CCM is gaining traction in organizing
consumer/provider discussions.
● To assess providers
● To organize compliance
● To demonstrate evidence of control.
Why Do Organizations Use CCSK?
Copyright © 2014 ITpreneurs. All rights reserved.
Cloud adoption is unavoidable: the majority of companies is using cloud, and the number of applications is growing rapidly.
Security is listed as the number 1 obstacle to cloud adoption, and for good reason
Organizations struggle to structure the discussion around cloud benefits versus risks, caused by lack of understanding of basic cloud concepts
Business Drivers
Copyright © 2014 ITpreneurs. All rights reserved.
1. Cloud is entering the organization from all sides
2. Board level request for a ‘cloud strategy’
3. Need to better understand how to control outsourcing in general
4. Need professional education points (PDU, CPE, etc) Essential in
being able to audit cloud services
5. Want to establish a credible cloud offering
The Need For CCSK
Copyright © 2014 ITpreneurs. All rights reserved.
Cloud Computing is a disruptive innovation in IT, on the same level as the
introduction of the PC and the Internet.
Cloud Computing affects most aspects of IT. If you offer any IT training, CCSK
will be a good addition to your portfolio. In particular if you offer IT training on:
• Risk Management and IT Audit (e.g. ISO 27001, CRISC)
• Service Management and Operations (ITIL)
• Architecture (TOGAF)
• Strategy (COBIT)
• IT Security (CISSP, CISM)
Your Opportunity
Copyright © 2014 ITpreneurs. All rights reserved.
How is cloud computing affecting your
• IT Strategy
• Service Management
• IT Architecture
• IT Security
• Compliance and Audit?
You can find lots of white papers on the Cloud Security Alliance website
They all point to the need for better understanding of cloud security
Questions to Ask Your Customers:
Copyright © 2014 ITpreneurs. All rights reserved.
Regional Hot Spots
CCSK appears to be fairly strong in
North-America (the exam is also
available in Spanish)
Europe (UK, Ireland, Germany,
Netherlands, Italy), Middle East
(Dubai, Oman), South-East Asia
(Kuala Lumpur, Singapore, and
Manila)
Japan seems to be
behind
Copyright © 2014 ITpreneurs. All rights reserved.
Positioning CCSK: Certification Pathp
rofe
ssio
na
l ca
pa
city
career
Cloud
Essentials
Virtualization
Essentials
CCSK
CCC
Professional
Cloud
Security
Manager
Attendants with ISO 27001,
CISSP, CISM and CRISC report
that CCSK adds to their security
knowledge.
Copyright © 2014 ITpreneurs. All rights reserved.
● GITEX - model of open training
● Large bank (IT risk management)
● Software Company becoming a cloud provider
● Government agency setting up a G-Cloud
Case Studies
Copyright © 2014 ITpreneurs. All rights reserved.*
• Medium to large organizationso IT staff
o Audit
• Service providerso Sales staff
o Leadership
o Solution consultants
• Auditors and consultants
Target Audience for CCSK Training?
Copyright © 2014 ITpreneurs. All rights reserved.
CCSK Classroom
The preferred option is a 3-day classroom delivery. This
includes practical work on cloud infrastructures that is
also doable for non technical attendants. Exam token is a
mandatory price component.
eLearning is not available at this time.
CSA lists both CCSK Foundation (1 day) and CCSK Plus (2 days) as options. However:
• Assumes high level of technical and security competence of attendants
• Does not leave room for discussing any attendant’s situation
• CCSK Foundation has no room for labs or demonstration
Copyright © 2014 ITpreneurs. All rights reserved.
In-company groups
• Additional benefit is that a diverse cross company group
can be aligned on cloud understanding
• Logistically easier to arrange (venue, trainer)
Open classes
• Will only work if you have large relevant targeted mailing
lists, or can combine the training with a conference
Sales Opportunities
Copyright © 2014 ITpreneurs. All rights reserved.
Contents of CCSK
● The body of knowledge is divided in 15 domains
● The exam has questions for each domain
● The domains overlap and cross reference at various points, and a significant portion is managerial
rather than technical
CCSK Exam
The CCSK examination is a timed, multiple choice examination you take online. The examination
consists of 60 multiple choice questions selected randomly from our question pool, and must be
completed within 90 minutes. A participant must correctly answer 80% of the questions to receive a
passing score. Because the exam is online, it is open book.
Participants get two tries
Course Details
Copyright © 2014 ITpreneurs. All rights reserved.
How You Can Get Started - 1/2
Classroom Courseware Instructors
Train your own instructor,
or leverage an ITpreneurs
instructor to teach
Exams
We’ll help you book
and deliver all exams -
online or paper based. 1/2
Copyright © 2014 ITpreneurs. All rights reserved.
How You Can Get Started - 2/2
Visit the ITpreneurs.com Website
Review the Product of Interest
Get in touch either through the Contact
Form, send us an email, or call!
2/2
Copyright © 2014 ITpreneurs. All rights reserved.
P: +31 107.110.260
Contact Us
May Sau
Products & Solutions Marketing
ITpreneurs | Rotterdam | The Netherlands