Certificate of Cloud Security (CCSK) Review

rob1234 · March 2014

The Certificate of Cloud Security (CCSK) is an exam focusing on cloud computing and security. The exam is administrated by the Cloud Security Alliance. I have not seen a great deal mentioned about this certification but I decided about a month ago I would study for it.

What I liked is that you do not need to buy any studying material the exam is based on two documents the CSA Guidance and the ENISA: Report both these documents are free to download from the CSA website and that's all you need!

The exam itself is open book and done on-line from anywhere the cost is $345 (£212) and is 90 minutes long with 60 questions to answer during the exam you can mark answers that your not sure about and go back to any question in the exam. There is a timer at the top of the page telling you time left and how many questions you have answered. You also get two attempts at the exam if needed. The pass mark is 80% which I think is quite high. 92% of the questions are from the CSA guidance document with the remaining 8% from the ENISA document.

To prepare for the exam I simply read both the documents a few times the exam itself was not as difficult as I expected as I had read that the pass rate including both attempts was only around 55% some of the questions you could simply cut and paste sections of the question and search within the pdf study guides for the answers but the majority that was not the case and due to the time constraints if you did not know the answers the guides would not help you.

Overall I would recommend this exam to anyone that is interested in cloud computing it contains some useful material and although I am not a big fan of on-line exams as anyone could sit the exam etc. I think for the cost and with a lack of cloud computing certifications aimed at the security field this is a reasonable certification to purse. It is worth noting that the cloud security alliance has teamed up with ISC2 and are working on releasing a new cloud security certification this year this will gain more coverage due to the ISC2 involvement and is worth keeping an eye out for as well.

docrice · March 2014

Thanks for the review. I hear very little about the CCSK so it's great to hear from someone who has gone through the process.

JDMurray · March 2014

Did you actually take the exam and pass?

MSP-IT · March 2014

I think cloud security would be a great role. It'll be interesting to see what they and (ISC)2 will be able to come up with.

JDMurray · March 2014

The (ISC)2 is looking for Cloud SMEs now to create their new Cloud cert.

rob1234 · March 2014

JDMurray wrote: »

Did you actually take the exam and pass?

Yep password with 92%

GoodBishop · March 2014

I'm tempted to wait until ISC2 comes out with their cloud cert (merging with CCSK), before I go for it.

colemic · March 2014

Does anyone think existing certholders will be grandfathered into the new one?

certmonk · January 2015

Passed the exam in my first attempt.
General impression:
Easier than I anticipated, candidates with some background in Cloud security can handle this if they gain sufficient familiarity with the guides provided.

Preparation for the exam
Resources used:
Primary: CCSK Guide V3.0, ENISA security & risk assessment guide, NIST 800-145
Additional: NIST Cloud Security Reference Architecture, NIST SP 500-292

Preparation approach:
I have a background in reviewing SaaS from a security perspective for the past 2+ years. Studied the primary resources once thoroughly over a month before the exam, created a mind map of relevant facts (glad to share the mind map if anyone is interested - send an email to <nathantsuri>AT<gmail>DOT<com>), reviewed recommendations and requirements sections for each domain the week before the exam.

Exam Logistics:
60 Qs in 90 min; gave me sufficient time to study each question, review answer choices, pick the closest one and in some cases search through the documents for confirmation when in doubt.

Good luck aspiring CCSK candidates!
Nathan Suri

certmonk · January 2015

@JDMurray, do you know how one can volunteer/participate/contribute to the ISC2 cloud certification creation. I have been working in Cloud security space for the past 2-3 years, now have CCSK certification, I have participated in CSSLP item development in the past.

JDMurray · January 2015

I would suggest contacting the (ISC)2 people you worked with for the CSSLP cert and ask about their upcoming Cloud cert.

fuz1on · January 2015

Congrats. I'm really interested in this cert but didn't know what to expect in difficulty vs. an exam like Cloud+. Plus, I know Symantec's cert is the CCSK + their proprietary exam now and that's always nice to be 50% of the way there to another cert.

GoodBishop · January 2015

I'd be interested in your mind map, certmonk, I'll see if I can send you a PM.

bburrell804 · January 2016

Hello Sir,

I am interested in your mind map for the CCSK exam. I am gearing up my second attempt, so you can assist me with providing your map would be a great help.

GoodBishop · January 2016

Pleased to note that I passed the CCSK v3.0 as of 12/30. Bam.

bigdogz · January 2016

GoodBishop,

Congrats on the pass !!!
What did you use for study material... the newer documentation from CCSK?

GoodBishop · January 2016

Yep, just the two documents that were listed that you need to study. I didn't buy any books or anything from Amazon.

I did however went through each document, and took the corresponding domains, and essentially cut and paste the answer to the domain in a document. As I was doing that, it was essentially like a review, so when I took the test, it was fairly easy.

Certificate of Cloud Security (CCSK) Review

Comments