There are risks associated with the use of any new technology. Moving applications and data to the cloud has its economic benefits, but there are potential risks that organizations need to be aware of. Security professionals need to do their part and identify any risks associated with an organization’s desired move to the cloud, and manage those risks through the usual risk treatment.
To be effective, security professionals need to be acutely aware of the technologies involved, so that they may effectively identify and manage risk. Like so many specialties, there is now a certification available, Certified in Cloud Security Knowledge, or CCSK. This certification is offered by the Cloud Security Alliance, the same organization that published its seminal Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 (PDF download).
Candidates who wish to earn the CCSK must take a 50 question, one hour exam as a test of their knowledge about cloud security. More information on earning the certificate is available here.
The CISA Forum is an online community whose purpose is to assist CISA candidates in their studies towards the Certified Information Systems Auditor certification. The forum, started in 2002 by Peter H Gregory, CISA, CISSP, is hosted by Yahoo Groups and has more than 3,000 members.
“The forum has helped many achieve their certification through lively discussions about the security audit profession and the CISA exam itself,” Gregory states. “I started this forum as a way to help new CISA candidates and to provide a platform for others to help these new candidates.” Gregory encourages newly-minted CISA holders to stay on the van and help others on their way.
The CISA Forum is open to all who possess the CISA certification or are interested in attaining it.
The CISA certification is owned and managed by the Information Systems Audit and Control Association. ISACA does not endorse or sponsor the CISA Forum. Read more about the CISA certification here.
About ISACA. With more than 65,000 members in more than 140 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 55,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by 7,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.
CISA is a registered trademark of ISACA.