The new credential will build on existing certifications offered by both organisations, including (ISC)²'s Certified Information Systems Security Professional (CISSP) and CSA's Certificate of Cloud Security Knowledge (CCSK), by examining the depth of technical knowledge required in architecting business systems, based on cloud computing.
"As organisations continue to adopt cloud computing at a rapid pace, there is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses," says W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director for (ISC)². "Our combined effort ensures the world's knowledge leaders are put to the task."
"(ISC)² and CSA have each recognised that the global economy's reliance on cloud services has advanced extremely quickly. Businesses are moving vast amounts of data into the cloud, and consumers are gobbling up new, usually mobile services that emerge on a daily basis. It is incumbent upon us to make our collective experience as accessible as possible, and the further development of professional–level recognition is key to achieving this," says Jim Reavis, co-founder and executive director of the Cloud Security Alliance.
The (ISC)² 2013 Global Information Security Workforce Study (GISWS) confirmed cloud computing as the number one area of demand for training, identified by nearly 60% of the study's more than 12,000 respondents. The study, which has tracked the impact of cloud computing on the information security profession since 2010, also confirms that business are embracing the cloud, with virtually all respondents saying they work in companies with some level of cloud computing, and most (61 percent) identifying public cloud services, including software or infrastructure as a service or a hybrid cloud environment. This is despite nearly three quarters also confirming the need for new skills, particularly for deep technical knowledge and guidance on how security applies to the cloud.
"The Information security community remains concerned about the proliferation of cloud computing because it is making its way into the mainstream without the associated risks being well understood. Establishing professional norms will ensure the required knowledge and decision-making skills are proliferated," says John Colley, CISSP, managing director EMEA, (ISC)².
The initiative pools significant expertise from both organisations, including the CSA's body of research, developed by subject matter experts, and its contributions toward the development of an ISO standard; and (ISC)²'s member-driven job task analysis methodology for the development and management of the world's leading information and software security professional credentials. Under the collaboration, (ISC)² will lead subject matter experts drawn from the memberships of both organisations through the job task analysis process to develop a focused common body of knowledge reflecting areas of required expertise and the technology-agnostic approach to defining domains of practice that serve as the foundation of all (ISC)² certifications. The work will also determine a globally accepted benchmark for the level of experience required to denote competency in the field of practice covered by the common body of knowledge.
The new credential and first examinations are due to be available in 2014.