The Cloud Security Alliance (CSA) has significantly updated its Certificate of Cloud Security Knowledge (CCSK) to version 5 (v5). This version reflects the latest advancements in cloud security, ensuring cybersecurity professionals comprehensively understand modern cloud components and best practices. Below, we explore the key updates and enhancements in CCSK v5, outlining the changes across the various domains.
Overview
CCSK v5 has introduced substantial updates to keep pace with the evolving cloud security landscape. It provides an in-depth understanding of cloud architecture, workloads, data protection, virtual networking, and DevSecOps. Furthermore, it includes introductory content on Zero Trust, Generative AI, and more. The curriculum emphasizes managing risks, achieving compliance, optimizing cloud security strategies, and clarifying the shared responsibility model between cloud providers and users.
Consolidated Domain Structure
The number of domains has been streamlined from 14 to 12, improving the organization and grouping of related topics for a more coherent learning experience.
CCSK v5 Domains
| CCSK v5 Domains | Description |
| --- | --- |
| Domain 1: Cloud Computing Concepts & Architectures | Defines cloud computing and details controls, deployment, and architectural models. |
| Domain 2: Cloud Governance | Highlights cloud governance and security’s role in aligning IT with business objectives. |
| Domain 3: Risk, Audit, & Compliance | Covers cloud security, risk, audit, compliance, and cloud service provider evaluation. |
| Domain 4: Organization | Manages the cloud footprint, securing and validating service provider deployments. |
| Domain 5: Identity & Access Management | Focuses on IAM between organizations and cloud providers. |
| Domain 6: Security Monitoring | Addresses security monitoring challenges in cloud environments, emphasizing telemetry and logs. |
| Domain 7: Infrastructure & Networking | Manages infrastructure and network security, including CSP responsibilities. |
| Domain 8: Cloud Workload Security | Secures deployable software and data units on various platforms. |
| Domain 9: Data Security | Covers cloud data security strategies, tools, and practices. |
| Domain 10: Application Security | Addresses cloud application security from design to maintenance. |
| Domain 11: Incident Response & Resilience | Identifies best practices for cloud incident response and resilience. |
| Domain 12: Related Technologies & Strategies | Introduces Zero Trust and AI for strategic cybersecurity. |
CCSK v5 Exam Structure
| Exam Name | CCSK v4 | CCSK v5 |
| --- | --- | --- |
| Exam Duration | 90 Minutes | 120 Minutes |
| Number of Questions | 60 Questions | |
| Exam Format | Multiple choice questions | |
| Passing Score | 80% Minimum passing score | |
| Exam Language | English, Japanese, Spanish | |
Detailed Domain Additions and Changes
CCSK v5 introduces several new topics that reflect the latest advancements in cloud security.
Domain 1: Cloud Computing Concepts & Architectures
Domain 1, “Cloud Computing Concepts & Architectures,” remains foundational in the CCSK v5 curriculum, ensuring a comprehensive understanding of essential cloud computing principles. While the core content has largely been retained, this domain has been enhanced with the inclusion of the CSA Enterprise Architecture Model.
Domain 2: Cloud Governance
The domain previously known as “Governance and Enterprise Risk Management” has been renamed to “Cloud Governance.” This change reflects a more focused approach to managing governance, specifically within cloud environments.
Key Additions
Domain 3: Risk, Audit, & Compliance
Formerly known as Domain 4, “Compliance and Audit Management,” this domain has been renamed and updated to Domain 3, “Risk, Audit, & Compliance.” This updated domain includes substantial enhancements to provide a more comprehensive understanding of risk management, auditing processes, and compliance requirements in cloud environments.
Key Additions
Expanded Coverage Areas
Domain 4: Organization Management
Domain 4 is a newly introduced domain that covers essential aspects of organizational structure and security management in cloud environments. It includes the following key areas:
Domain 5: Identity & Access Management
Formerly known as Domain 12, “Identity, Entitlement, and Access Management,” this domain has been renamed and updated to Domain 5, “Identity & Access Management (IAM).” This redefined domain strongly emphasizes the principles and practices of IAM in cloud environments.
Key Focus Areas
Domain 6: Security Monitoring
“Security Monitoring” is a new addition in CCSK v5, replacing the previous focus on “Management Plane and Business Continuity.” This domain encompasses the following key topics:
Domain 7: Infrastructure & Networking
The domain name has changed from “Infrastructure Security” to “Infrastructure & Networking,” reflecting an expanded focus. This domain now includes several new topics and provides increased coverage of key areas.
Key Additions
Expanded Coverage Areas
Domain 8: Cloud Workload Security
The domain has been renamed from “Virtualization and Containers” to “Cloud Workload Security,” reflecting its broader scope.
Key Additions
Expanded Coverage Areas
Domain 9: Data Security
Previously known as “Data Security and Encryption,” this domain is now called “Data Security” and includes new topics along with expanded coverage of existing ones.
Key Additions
Expanded Coverage Areas
Domain 10: Application Security
This domain has been updated to include new topics and expanded coverage of key areas critical to securing cloud applications.
Renamed Topics
Key Additions
Expanded Coverage Areas
Domain 11: Incident Response & Resilience
Formerly known as Domain 9, “Incident Response,” this domain has been renamed and updated to Domain 11, “Incident Response & Resilience.” The focus has expanded to include new topics such as:
Domain 12: Related Technologies & Strategies
Formerly known as Domain 14, “Related Technologies & Strategies,” this domain has been renamed and updated to Domain 12, “Related Technologies.” The focus has shifted from IoT and Mobile Data to more relevant issues in current cloud security, particularly AI and Generative AI.
Key Additions
Reduced Coverage and Removed Topics
CCSK v5 has reduced its focus on legal and regulatory specifics, moving away from detailed discussions on laws and regulations. Additionally, Security as a Service (Sec-aaS) has been removed, with cloud security tools now integrated across several domains.