CSA Summit: Who can protect us? Education for cloud security professionals
csa-argentina
Who can protect us? Education for cloud security professionals
Leonardo Goldim
CEO, IT2S Group
Overview
New Technologies, New Models
• Virtualization
• Cloud Computing
• BYO*
• Big Data
• IoT
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Cloud Computing Concerns
• Security
• Privacy
• Compliance
2015 (ISC)² Global Information Security Workforce Study
• ~14,000 information security professionals: cloud security is a priority for organizations
• 73% - information security professionals must develop new skills
• 70% - cloud security certification programs are relevant
Who is able to protect us?
Industry Needs
• Professionals who understand and can apply effective security measures to cloud environments
• A reliable indicator of overall competency in cloud security
• Roadmap and career path into cloud security
• Common global understanding of professional knowledge and best practices in the design, implementation and management of cloud computing systems
Security Professionals' Needs
• Specialized skills required
• Qualified professionals help organizations take advantage of cloud services
• Growing adoption of cloud increases the demand for security professionals
• Cloud expertise moves from “nice to have” to “must have”
Required Skills For Cloud
• Applying security (general foundational understanding still needed)
• Understanding cloud security guidelines and reference architectures
• Knowing compliance issues
• Enhancing technical knowledge
• Specifying contractual obligations and requirements related to security
(ISC)² and CSA
(ISC)² and CSA
• CSA
– Individual (CCSK) and organizational (STAR) certifications
– Actively writing ISO standards for cloud security
– 400+ member organizations around the world
– Significant SME pool
– Common Book of Knowledge
– Ability to reach endorsement on a company-wide level with member organizations
• (ISC)²
– Individual (CISSP, SSCP, CSSLP etc.) certifications
– Actively involved with ISO on 27xxx
– 100,000+ members globally
– ISO/IEC 17024 accreditation
– DOD mandate
– Significant SME pool
– Common Bodies of Knowledge
Working Together
• Power of two global, industry-leading non-profit associations
• Stewards for the cloud security and information security profession
• Corporate cloud thought leaders
• Organizations that reinforce professionals’ ability and experience to audit, assess, and secure cloud infrastructures
• Building on existing certifications from both organizations
• Ensures CCSP reflects the most current and comprehensive best practices for securing & optimizing cloud computing environments
• Establishes a globally accepted benchmark for confirming professional competency in cloud security
• Industry expert research and opportunities for continuing education
CCSK (Certificate of Cloud Security Knowledge)
Development
• Certification Board
– Ariel Litvin
– Ben Katsumi
– Carlos Saiz
– Christofer Hoff
– Craig Balding
– Gerhard Eschelbeck
– Gianluca D’Antonio
– Hadass Harel
– Jim Reavis
– Joshua Davis
– Keith Prabhu
– Leonardo Goldim
– Peter Gregory
– Peter Kunz
– Randy Barr
– Rich Mogull
Candidates
• Suitable for a wide variety of professions that must be concerned with cloud computing:
– IT Professionals
– Security Professionals
– Auditors
– Compliance
– Managers
– Non-IT Professionals
Value for Candidates
• Validate your competence gained through experience in cloud security
• Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
• Differentiate yourself from other candidates for desirable employment in the fast-growing cloud security market
• Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
Value for Organizations
• Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environment
• Increase your confidence that candidates are qualified and committed to cloud security
• Ensure practitioners use a universal language, circumventing ambiguity with industry-accepted cloud security terms and practices
• Increase organizations’ credibility when working with constituents
Requirements and Domains
• CSA Guidance
• ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”
CSA Guidance Domains
– Cloud Computing Architectural Framework
– Governance and Enterprise Risk Management
– Legal Issues
– Compliance and Audit Management
– Information Management and Data Security
– Interoperability and Portability
– Business Continuity and Disaster Recovery
– Data Center Operations
– Incident Response
– Application Security
– Encryption and Key Management
– IAM
– Virtualization
– Security as a Service
Exam
• 90 minutes
• 60 questions
• US$ 345
• Web based
• Does not expire
CCSP (Certified Cloud Security Professional)
Development
• Job Task Analysis (JTA)
• Subject Matter Experts (SMEs)
– (ISC)², CSA, Industry
– Asia-Pacific, Europe, Middle East, Brazil, US
Candidates
• IT, IT Security, Compliance:
– Enterprise Architect
– Security Administrator
– Systems Engineer
– Security Architect
– Security Consultant
– Security Engineer
– Security Manager
– Systems Architect
Target Organizations
• Employers will be crucial to driving adoption of the credential among appropriate employees and job seekers.
• Cloud “thought leaders” (including those attempting to be leaders) who are trying to promote their position in the cloud market could be influential in driving demand for CCSP.
• Target employers include:
– Cloud Service Providers: they know the challenges; value competency;
– Information Security Consultants;
– IT Integrators and Consultants;
– Software Companies.
– Government agencies, grappling with migrations to cloud services, should value the competence reflected by CCSP
Value for Candidates
• Demonstrates not just cloud knowledge but competence gained through hands-on experience in addressing the unique information security demands intrinsic to cloud environments
• Affirms commitment to understanding and applying security best practices to cloud environments – today and in the future
• Enhances credibility and marketability for the most desirable cloud security opportunities; bolsters standing and provides a career differentiator
• As a member of (ISC)², CCSPs gain access to valuable career resources, such as networking and ideas exchange with peers
Value for Organizations
• Secures and optimizes the organization’s use of cloud computing with qualified professionals who’ve demonstrated cloud security competence
• Ensures the organization is applying the proper cloud security controls internally and with 3rd parties by reinforcing risk and legal requirements through cloud contracts and SLAs with cloud service providers
• Backed by the two leading stewards of information and cloud security knowledge – (ISC)² & CSA – organizations can be confident it reflects the most current required best practices and competency
• Increases organizational integrity in the eyes of clients and other stakeholders
• Ensures work teams stay current on evolving cloud technologies, threats and mitigation strategies by meeting the continuing professional education requirements
Requirements and Domains
• 5 years working experience
• 3 years must be in information security
• 1 year in one CBK domain
• CCSK can be substituted for 1 year experience in CBK domain
• CISSP can be substituted for entire experience requirement
Requirements and Domains
• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform and Infrastructure Security
• Cloud Application Security
• Operations
• Legal and Compliance
Exam
• 4 hours
• 125 questions
• US$ 549
• PearsonVUE testing centers
Maintain
• 3-year cycle
• Annual Maintenance Fee (AMF) US$ 100
• 90 CPEs
– 30/year
• Can utilize CSA to satisfy CPE requirements
Compare
Complementary
• CCSP: Deeper, advanced experience-based cloud security knowledge
• CCSK: Broad, Foundational, Baseline Knowledge
CCSP x Other (ISC)² and CSA Programs
• CCSP complements existing credentials
• (ISC)² x CSA: complementary portfolio
• CSA: “Incubator of cloud best practices”
• Provide relevant opportunities for CPEs
CCSP x CCSK
• Professionals with heavy involvement: CCSK and CCSP
• CCSK indicator of broad-based knowledge
• CCSP intended for professionals more heavily involved