Certificate of Cloud Auditing Knowledge (CCAK) Online Certification Training

The Certificate of Cloud Auditing Knowledge (CCAK) is brought to you by CSA and ISACA. CSA® (Cloud Security Alliance) and ISACA® are prestigious global certification providers. Cloud auditing can give a better understanding of the type of cloud services and deployment strategy that would best benefit your business. The CCAK meshes well with the CISA, CISM, CRISC, CGEIT, CDPSE and CSX-P, FedRAMP 3PAO Assessor, PCI-DSS Qualified Security Assessor and ISO 27001 Lead Auditor credentials.

CCAK tests the following domains:
  1. Assessment: Understand how to assess and audit cloud environments versus traditional IT infrastructure and services.
  2. Evaluation: Discover how to use cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
  3. Governance: Learn how existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
  4. Compliance: Understand the unique requirements of compliance in the cloud due to shared responsibility between cloud providers and customers.
  5. Internal Security: Learn how to use a cloud-specific security controls framework to ensure security within your organization.
  6. Continuous Monitoring: Architect in a way that allows you to measure control effectiveness through metrics and ultimately leads to continuous monitoring.

CCAK Course Objectives
  • Assessing and auditing cloud environments versus traditional IT infrastructure & services.
  • Using cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
  • How existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
  • The unique requirements of compliance in the cloud due to shared responsibility between cloud providers and customers.
  • How to use a cloud-specific security controls framework to ensure security within your organization.
  • Measuring control effectiveness through metrics and ultimately leading to continuous monitoring.

CCAK Course Content

Domain 1: Cloud Governance

  • Describe cloud governance concepts.
  • Explain cloud trust, transparency, and assurance.
  • Identify cloud governance frameworks and requirements.
  • Discuss cloud risk management and cloud compliance considerations.
  • Distinguish cloud governance tools and uses.

Domain 2: Cloud Compliance Program

  • Explain the fundamental criteria for a cloud compliance program.
  • Build and design a cloud compliance program.
  • Describe legal and regulatory requirements and standards and security frameworks.
  • Define controls and identify technical and process controls.
  • Recall CSA certification, attestation, and validation.

Domain 3: CCM and CAIQ: Goals, Objectives, and Structure

  • Identify the CSA Cloud Controls Matrix (CCM) and CCM domains.
  • Explain the Consensus Assessment Initiative Questionnaire (CAIQ).
  • Outline CCM and CAIQ structures.
  • Recall CCM relationships with other frameworks (mapping and gap analysis).
  • Compare transition changes from CCM V3.0.1 to CCM V4.

Domain 4: A Threat Analysis Methodology for Cloud Using CCM

  • Describe threat analysis essentials.
  • Use the Top Threat Analysis Methodology to analyze attack details.
  • Document attack impacts based on the Top Threat Analysis Methodology.
  • Apply Threat Analysis Methodology for cloud using CCM.
  • Evaluate a Top Threats method use case.

Domain 5: Evaluating a Cloud Compliance Program

  • Describe the compliance program evaluation approach.
  • Recall the governance perspective.
  • Outline the perspectives of laws, regulations, and standards.
  • Define service changes.
  • Explain the need for continuous assurance and continuous appliances.

Domain 6: Evaluating a Cloud Compliance Program

  • Outline audit characteristics, criteria, and principles.
  • Describe auditing standards for cloud computing.
  • Define auditing an on-premises environment vs. cloud.
  • Recall differences in cloud services and cloud delivery models.
  • Explain audit building/planning and execution.

Domain 7: CCM Auditing Guidelines

  • Detail CCM Auditing Guidelines.
  • Define the CCM Audit Scoping Guide.
  • Explain the approach taken in the CCM Risk Evaluation Guide.
  • Evaluate the CCM Audit Workbook.
  • Apply the CCM Auditing Guide.

Domain 8: Continuous Assurance and Compliance

  • Explain continuous assurance and compliance.
  • Define DevOps and DevSecOps.
  • Apply DevOps and DevSecOps to security.
  • Outline auditing deployment/CI/CD pipelines.
  • Describe DevSecOps automation and maturity.

Domain 9: STAR Program

  • Outline the components of the STAR program.
  • Explain the security and privacy implications of STAR.
  • Describe the Open Certification Framework.
  • Recall CSA STAR attestation and certification.
  • Detail STAR continuous auditing.

Target Audience
  • Internal and External Assessors and Auditors
  • Compliance Managers
  • Third Party Assessors and Auditors
  • Vendor/Partner Program Managers
  • Security Analysts and Architects
  • Procurement Officers
  • Cloud Managers
  • Cloud Architects / Security Architects
  • Security & Privacy Consultants
  • Cybersecurity Lead/Architect
  • Cloud Compliance Experts