Related Links

Related Stories

  • Latest (ISC)2 Workforce Study Shows Lack of Skilled Infosec Professionals and Developers
    The problem is that not enough skilled people actually get into the profession; and all too often security is deemed to be separate from software development. These are the key findings of the sixth and latest study among the existing global security workforce conducted by (ISC)2, Booz Allen Hamilton and Frost and Sullivan.
  • A Risk Management-based Look at the Infosec Skills Gap
    The (ISC)² US Government Advisory Board Executive Writers Bureau explores a broader perspective of the skills gap challenge and addresses why a wide range of knowledge and skill – from junior technical levels to senior management – is needed to adequately meet the demands
  • (ISC)² looks to address security expertise gap with 2013 scholarships
    It’s no secret that with the ever-rising tide of cyber threats there comes a need for additional security expertise to adequately combat the scope of attacks. Many IT departments suffer from a human capital resource issue, and it’s not always funding-related.
  • Top federal security execs join (ISC)²'s Government Advisory Board
    Members of the Securities & Exchange Commission (SEC), the US Department of Health and Human Services and the US Department of Homeland Security (DHS) have joined the (ISC)² US Government Advisory Board for Cyber Security.
  • ISF will open up its library to (ISC)² for certification development
    Faced with an age of unprecedented growth and scope of cyberthreats, the Information Security Forum (ISF) has reached an agreement with the (ISC)² to provide its extensive research library for use in development of (ISC)² examinations and official education materials, significantly broadening the reach of the information and, hopefully, threat awareness.

Top 5 Stories


(ISC)2 and the CSA join forces to develop new cloud security credentials

24 April 2013

It is generally accepted that the adoption of cloud technology is hampered by concerns over cloud security. Now (ISC)2 has partnered with the Cloud Security Alliance to develop new training and a new certification in cloud security.

(ISC)2 and CSA have each recognized that the global economy’s reliance on cloud services has advanced extremely quickly”, explains Jim Reavis, co-founder and executive director of the Cloud Security Alliance. “Businesses are moving vast amounts of data into the cloud, and consumers are gobbling up new, usually mobile services that emerge on a daily basis. It is incumbent upon us to make our collective experience as accessible as possible, and the further development of professional-level recognition is key to achieving this.”

(ISC)2 is the world’s largest not-for-profit information security professional body, and administrates the CISSP professional security qualification. In the 2013 Global Information Security Workforce Study (GISWS) published earlier this year, 60% of the 12,000 respondents (gathered from (ISC)2’s 90,000 members and the general security community) confirmed cloud computing as the number one need for training. ‘How security applies to cloud’ and ‘an enhanced understanding of cloud security guidelines and reference architectures’ were noted as the top two skills required for dealing with cloud computing (89% and 78% respectively). With such a demand, it was only natural that (ISC)2 should form an alliance with the world’s existing cloud security experts – the Cloud Security Alliance (CSA) to provide a solution. The Cloud Security Alliance, “led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders,” was formed to promote the use of best practices for providing security assurance within Cloud Computing.

The issue at stake is well illustrated in Europe. The European Union is strongly advocating greater use of cloud computing while at the same time pushing for new and enhanced data protection policies. How the two can co-exist has become a hot topic for debate, and clearly requires a deep understanding of cloud technology, security risks, and compliance requirements. But the basic decision to adopt the cloud is usually a business decision based on business arguments, and one that is imposed on IT and Security as a fait accompli.

Understandably, comments John Colley, managing director EMEA for (ISC)2, “The Information security community remains concerned about the proliferation of cloud computing because it is making its way into the mainstream without the associated risks being well understood. Establishing professional norms will ensure the required knowledge and decision-making skills are proliferated.”

The alliance between the CSA and (ISC)2 will combine the existing body of expertise held by the CSA with (ISC)2’s methodology for the development and maintenance of professional security credentials. “There is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses,” concludes W. Hord Tipton, executive director for (ISC)2. “Our combined effort ensures the world’s knowledge leaders are put to the task.”

The new credential and first examinations are expected to be available in 2014.

This article is featured in:
Cloud Computing  •  Internet and Network Security  •  Security Training and Education


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×