Last Updated: June 24, 2020.
Art Wittmann stated that “As we’ve come to realize, the idea that security starts and ends with the purchase of a prepackaged firewall is simply misguided.”
Increasing global connectivity and the adoption of cloud services for storage and operations have led to the reinvention of cybercrime, which takes security risks for businesses to a whole new level. Firewalls and powerful antiviruses might have been very effective forms of protection for business systems a decade ago. Well, they are not sufficient protection today.
Information security, rather than being left in the hands of the most skilled cloud security professionals with CCSP Certification, should be everyone’s affair from the top management down to the new intern who just joined the organization a week ago. This is because, as Christopher Graham rightly puts it, “The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.” Yet, while it may be a big blow to the business, to the world it will be just another statistic on top of the already high number of breaches.
The rapid advancement in technology is a blessing, but it certainly comes with higher challenges in terms of security. Consider this. In the U.S. alone, over 4,000 ransomware attacks occurred every day from 2016, and in the U.K. at least 130,000 businesses suffered one form of cyberattack or another.
Governments are paying more attention to cybersecurity. GDPR (General Data Protection Regulation), for instance, was included in EU law on data protection and privacy and applies to EU states and the entire EU economic area. This regulation requires that organizations within the EU:
- Anonymize collected data for privacy
- Communicate data breaches
- Appoint a data protection officer to oversee GDPR compliance
- Seek user consent before processing their information
- Handle data transfer across borders with utmost safety
Why should companies focus on cybersecurity?
Data security issues can have grave consequences for businesses. This is why companies should shift focus to information security. Today, cybercriminals explore vulnerabilities at any business level, which means cybersecurity education and sensitization should target everyone, including suppliers and other external stakeholders of the business.
Cybersecurity is of critical importance to any business because it helps us prevent the following:
Loss of customers: Customers are always at the centre of a data breach. They are the ones whose information privacy is compromised, yet the business exists because of them. Their exit on grounds of cybersecurity costs the business the revenue they would have brought in, as well as its reputation.
Loss of revenue: Revenue is not only lost to departed customers but also to disruption of operations, lawsuits against the business, and damaged reputation.
Risk occurrence: Risk prevention in the form of employee training, early threat detection, and compliance with regulations is always less costly than reacting to a cyber breach. This is because the implications of a breach may be of such a magnitude that the business will not have the capacity to handle it.
Damage to reputation: With breaches comes the loss of a business's reputation. Negative word of mouth can go as far as causing the business to shut down. Customer relations go beyond mere trust. They are very personal, and this is what keeps customers loyal. When this is broken, a business stands to lose both loyal and potential customers.
Given the increasing number of cyber breaches across the globe, companies are on the lookout for individuals whose skills match the sophisticated security challenges that businesses are facing today.
The CCSP (Certified Cyber Security Professional) certification is a credential offered by the International Information System Security Certification Consortium, (ISC)², to professionals with at least 5 years of experience in the field.
This is an advanced cloud security certification that proves one’s ability in designing, managing, and securing cloud data, systems, and architecture. It also equips them with practical knowledge of practices, regulations, policies, and procedures that apply to cybersecurity.
Requirements for CCSP
- A minimum of 5 years of practical experience in information technology, with at least three years in information security and one year in the CCSP CBK domains listed below (the Cloud Security Alliance CCSK certification can be substituted for the one year of experience):
  - Cloud Concepts, Architecture and Design
  - Cloud Data Security
  - Cloud Platform & Infrastructure Security
  - Cloud Application Security
  - Cloud Security Operations
  - Legal, Risk, and Compliance
- Alternatively, a CISSP (Certified Information Systems Security Professional) certification can replace the five-year requirement.
Preparing for the CCSP Exams
It takes studying to pass the CCSP exams.
- (ISC)² offers two study options:
  - Classroom-based learning
  - Online instructor-led learning
- Alternatively, you can enroll for a CCSP online certification course from credible learning providers. A good provider offers a comprehensive course curriculum and flexible learning options including instructor-led, self-paced, and blended learning.
- The online training seminars by (ISC)² are a good place to learn all you need about CCSP training courses.
- There are also several self-study resources you’ll come across on the internet. Start with the self-study tools on the (ISC)² site, which give you access to textbooks, study guides, flashcards, study apps, and revision tests to help you prepare for the exams.
The CCSP Examination
The CCSP certification exam is a 4-hour exam consisting of 125 multiple-choice questions and should be taken at a Pearson Professional Center. To earn this credential, you need to score at least 70 out of a total of 100 points.
The exam tests candidates’ knowledge in the six CCSP CBK domains as follows:
- Cloud Concepts, Architecture and Design – 19%
- Cloud Data Security – 20%
- Cloud Platform & Infrastructure Security – 19%
- Cloud Application Security – 15%
- Cloud Security Operations – 15%
- Legal, Risk, and Compliance – 12%
After attaining the examination pass mark
Once you have been informed that you have passed the CCSP exam, you go through an online endorsement process before receiving your certification.
- Agree to the (ISC)² Code of Ethics
- Pay your first annual maintenance fee of U.S. $125 within the first year after certification
- Automatically become an (ISC)² member and a part of a global community with more than 140,000 certified cybersecurity professionals
Maintaining your CCSP certification
The CCSP certification is valid for three years, after which you will be required to renew it. To maintain the certification, you will need to do the following:
- Pay an annual maintenance fee of U.S. $100
- Earn 90 Continuing Professional Education (CPE) units (30 units per year during the cycle) by taking part in events, seminars, and other related activities.
- Comply with the (ISC)² Code of Ethics