Pay them just $195 and the Cloud Security Alliance (CSA) says they are willing to certify you as competent.
The CSA is perhaps most infamous for a remap of other standards to its own. Not satisfied with existing maps of NIST, ISO, HIPAA, FISMA, PCI, etc. they happily added a new column to the mix and called it…the CSA cloud control matrix. This immediately begged the question why be ISO or PCI certified when you can be CSA instead? Why adhere to Requirement 10 of PCI DSS when you can now adhere to CSA 15? Who needs ISO 6 when you have CSA 5?
They said it was to make things easier but now it sounds more difficult. I mean they might be implying that it is so hard that without a test you could be considered incompetent. Oh, wait, never mind. I just read the test, administered by Cosaint, is to demonstrate a “rudimentary understanding of cloud security“.
Marketing questions should be expected:
In which three ways can we distinguish cloud computing from traditional outsourcing?
The universal customer perspective is also on the test:
What is the key aspect of a cloud provider’s SAS 70 Type II audit statement a customer should review to determine if it meets customer requirements?
However, my favorite section of the test is on cloud grammar:
Why do communications between multiple virtual machines often evade tradition security monitoring systems?
If you do not know english well enough to find this obvious flaw…no CoC for you!
Who can resist this bargain? The test sounds like a no brainer! Act now because pricing goes up to $295 in 2011.
Just to clarify the CSA seems to refer to it as the Certificate of Cloud Security Knowledge (CCSK) test but also the CSSK, while elsewhere I found it called a CoC test.
The latter of the three just rolls off the tongue, so to speak. If they are lucky, everyone might want their CoC. A CCSK, on the other hand, has the unfortunate overlap with clear cell sarcoma of the kidney, the second most common kidney tumor in children. I do not think anyone really wants CCSK.