The initiative is aimed at addressing concern over the security of cloud-based services by establishing a common global understanding and best practices in design, implementation and management.
The new credential will build on existing certifications offered by both organisations by examining the depth of technical knowledge required in architecting business systems based on cloud computing.
“There is a strong need to provide a body of knowledge that encompasses the evolving technology and risk landscape and that validates the skills of the professionals tasked with protecting those businesses,” said Hord Tipton, executive director for (ISC)2.
As businesses move vast amounts of data into the cloud, it is incumbent on (ISC)2 and the CSA to make their collective experience as accessible as possible, said Jim Reavis, executive director of the CSA.
“The further development of professional-level recognition is key to achieving this,” he said.
The (ISC)2 2013 Global Information Security Workforce Study confirmed cloud computing as the top area of demand for training, identified by nearly 60% of the study’s respondents.
Read more on cloud security
The study also confirms that businesses are embracing the cloud, with virtually all respondents saying they work in companies with some level of cloud computing.
This is despite nearly three-quarters also confirming the need for new skills, particularly for deep technical knowledge and guidance on how security applies to the cloud.
“The Information security community remains concerned about the proliferation of cloud computing because it is making its way into the mainstream without the associated risks being well understood,” said John Colley, managing director, Europe, for (ISC)2 .
“Establishing professional norms will ensure the required knowledge and decision-making skills are proliferated,” he said.
Under the collaboration, (ISC)2 will lead subject matter experts drawn from both organisations through the job task analysis process to develop a common body of knowledge reflecting areas of required expertise.
It will also lead the technology-agnostic approach to defining domains of practice that serve as the foundation of all (ISC)2 certifications.
The organisations hope the work will determine a globally accepted benchmark for the level of experience required to denote competency in the field of practice covered by the common body of knowledge.
The new credential and first examinations are due to be available in 2014.