7 tips for getting CCSK certified

Published September 4, 2012 by Jean-François Audenard in security

Cloud computing security is a topic of increasing interest to IT professionals. Understanding it requires a strong knowledge of both cloud computing and security.

The Cloud Security Alliance’s Certificate of Cloud Security Knowledge (CCSK) is designed to assess knowledge of IT as a Service security. Passing a certification test is always a challenge, since you can never be sure whether there will be trick questions, what topics will be covered, etc.

my experience

As someone who had the same worries and is now certified, let me offer you some useful tips. This information is based on the test I passed on April 16, 2012, so it’s up to date.

I can’t tell you the questions I was asked—in any case, you may not have the same ones—but I’ll give you advice that helped me. Then it’s up to you!

important documents (in theory)

Theoretically, it is important to review these four documents (in order of decreasing importance):

important documents (in practice)

If you only have time to read one thing, it should be the Cloud Security Alliance document, which is essential for the test. The “Domain 5 – Information Lifecycle Management” chapter is key—I had quite a few questions about it on the test.

You should also read at least the executive summary of the ENISA document. As for the other two, a quick read-through should suffice.

Of course, the amount of time you need to spend reading the documents depends on your familiarity with the subject matter. I dream about this stuff at night, so I was able to skim over certain areas.

types of questions

The test consists of 50 multiple-choice questions, each with only one correct answer (at least when I took the exam, thank goodness).

The most difficult ones are based on the Cloud Security Alliance document (although those covering “Domain 5 – Information Lifecycle Management” were not too difficult). The questions referring to the other documents are identified as such, so it’s clear where to find the answers—the test is pretty straightforward.

For sample questions, check out the CCSK certification page on the Cloud Security Alliance website.

registration and scoring

You can register and take the test online ($295 for two tries) at any time. The Web interface is easy to use; I didn’t have any problems during my test.

To be CCSK certified, you must correctly answer at least 40 out of 50 questions (80% accuracy) in less than an hour.

Overall, the questions are relatively difficult. But the questions on the ENISA document weren’t too hard, and you can consult the documents during the test (the “find” bar is quite useful). The questions on the NIST and Jericho Forum documents weren’t too challenging either.

using the documents: helpful but not sufficient

Although you are allowed to search the documents, you only have an hour to answer 50 questions. That’s a little more than a minute per question (72 seconds to be exact). That’s not much time, so if you try to just search the documents, you’re likely to have problems. And of course, you can’t pause the test once it has started—that would be too easy.

But the “find” bar can come in handy for questions on the ENISA document. It’s also reassuring to have “Domain 5 – Information Lifecycle Management” from the Cloud Security Alliance guide on hand. But consulting the documents is not enough, at least in my experience.

Of course, being certified does not necessarily mean you’re an expert. I've interviewed CISSP-certified candidates who couldn’t clearly explain the principles of a document signature with asymmetric keys.

what’s not in the documents

I had to answer a few questions (two or three) on the security of the Amazon EC2 service. So I encourage you to read (among other things) “Amazon Web Services: Risk and Compliance” and to look at this “Using Security Groups” page.

Although I got questions about Amazon EC2, it’s entirely possible that you will have questions about other services. Your profession and experience will obviously play a key role here. If you work in cloud security and are a curious person by nature, passing the CCSK test shouldn’t be too difficult.

the pot of gold at the end

At the end of 60 minutes you’ll get your score immediately. If everything goes well, you can download your diploma in PDF or HTML format.

You’ll be able to see your success rate in each area (Applied, Domains 1-10 and ENISA), but not which questions you answered incorrectly. I made two mistakes (one in “Domain 3 – Legal and eDiscovery” and another in “Domain 4 – Compliance and Audit”).

in conclusion

Getting certified is not that simple. According to DarkReading's “Cloud Security Certification Not So Simple” (August 9, 2011), only 53% of test takers manage to get the diploma. The article’s author, Jim Reavis, lists four primary topics to study, and I had questions on them during my test.

If you work in cloud security, getting CCSK certified can benefit both you and your employer. If you know the field, you just need to refresh a bit (and concentrate for an hour). In my case, the idea came to me at the office on a Monday morning. I said to myself, “I can do this!” One hour later I had my diploma.

Good luck!

Jean-Francois (aka Jeff)

This post was originally published in French here.

image © niakc10 - Fotolia.com

3 Comments

  • April 6, 2014, by Dezmond Bonaparte
    Hello, Thank you for your insightful strategies. I am currently reading through the document provided by the CSA. However, I am a "note taker" and I'm finding that it's hampering my progress in completing the 177-page document. Do you have any tips on how to properly take notes, as in, finding key points that will undoubtedly need to be known? I've been doing research and apparently there are people clearing this document in as little as a few hours and passing the exam. T
  • September 19, 2013, by Jeff
    Hi Jerry.
    If you want to jump into the Cloud security bandwagon my recommendation will be to print out the "Security Guidance" document from the Cloud Security Alliance (can be downloaded for free from the CSA website) and to read it carefully. From what I can see this is the most comprehensive document (at least for now) on the topic.
    Afterwards, read the other documents and try to pass the CCSK certification.
    Good luck to you.
    Jeff.
  • September 19, 2013, by Jerry
    Hi Jeff,
    Nice writeup. I am currently not in the cloud security business. But I have been in the IT industry (mainly storage and server deployment) for the last 10 years. I wanted to get a certification on cloud + security and found this CCSK by accident. It sounds like a hill to climb for me but I really want to attempt this. Do you have any advice for me? Thanks
    Jerry
