CCAK: Certificate of Cloud Auditing Knowledge
With the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program, the Cloud Security Alliance® and ISACA® are partnering to develop the first credential designed for industry professionals to demonstrate their understanding of the fundamental principles of cloud computing auditing. The CCAK aims to create a common understanding of cloud auditing. The approach to meeting control objectives differs when an organization is using cloud computing. The security controls employed by a cloud tenant go beyond those of a traditional IT audit, since cloud tenants do not have the same administrative access as legacy IT tenants.
Who Should Earn the CCAK?
A CCAK certificate would be helpful to anyone who sets up systems, performs audits, or is audited, particularly:
- Internal and External Assessors and Auditors
- Compliance Managers
- Third Party Assessors and Auditors
- Vendor/Partners Program Managers
- Security Analysts & Architects
- Procurement Officers
- Cybersecurity Lead/Architect
- Security and Privacy Consultants
Prerequisites
There are no prerequisites to take the CCAK exam. It is recommended, however, that you earn the Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK, since the CCAK assumes you have a working knowledge of cloud security best practices.
What will you learn when you earn the CCAK?
- Assessment: Understand how cloud environments and IT infrastructure & services are different from traditional environments.
- Evaluation: Identify methods and techniques for evaluating cloud services before and during their provision using cloud security assessment methods and techniques.
- Governance: Explore the impact of the cloud on governance policies and frameworks.
- Compliance: Comprehend the unique compliance requirements in the cloud, where cloud providers and customers share the responsibility.
- Internal Security: Develop a framework for ensuring the security of your organization using cloud-specific security controls.
- Continuous Monitoring: Implement metrics that enable continuous monitoring so that control effectiveness can be measured.
Exam Format
The CCAK exam consists of 76 multiple-choice questions, and the exam duration is 2 hours. Once you finish, you receive a preliminary score immediately and an official verification of your score within 10 days of the exam date.
Course Outline
The Certificate of Cloud Auditing Knowledge (CCAK) exam covers the following modules:
MODULE 1 – Cloud Governance
- Overview of governance
- Cloud assurance
- Cloud governance frameworks
- Cloud risk management
- Cloud governance tools
MODULE 2 – Cloud Compliance Program
- Designing a cloud compliance program
- Building a cloud compliance program
- Legal and regulatory requirements
- Standards and security frameworks
- Identifying controls and measuring the effectiveness
- CSA certification, attestation, and validation
MODULE 3 – CCM and CAIQ Goals, Objectives, and Structure
- CCM
- CAIQ
- Relationship to standards: mappings and gap analysis
- The transition from CCM V3.0.1 to CCM V4
MODULE 4 – A Threat Analysis Methodology for Cloud Using CCM
- Definitions and purpose
- Attack details and impacts
- Mitigating controls and metrics
- Use case
MODULE 5 – Evaluating a Cloud Compliance Program
- Evaluation approach
- A governance perspective
- Legal, regulatory, and standards perspectives
- Risk perspectives
- Service change implications
- The need for continuous assurance/continuous compliance
MODULE 6 – Cloud Auditing
- Audit characteristics, criteria & principles
- Auditing standards for cloud computing
- Auditing an on-premises environment vs. cloud
- Differences in assessing cloud services and cloud delivery models
- Cloud audit building, planning, and execution
MODULE 7 – CCM: Auditing Controls
- CCM audit scoping guidance
- CCM risk evaluation guide
- CCM audit workbook
- CCM: an auditing example
MODULE 8 – Continuous Assurance and Compliance
- DevOps and DevSecOps
- Auditing CI/CD pipelines
- DevSecOps automation and maturity
MODULE 9 – STAR Program
- The standard for security and privacy
- Open Certification Framework
- STAR Registry
- STAR Level 1
- STAR Level 2
- STAR Level 3
Preparation Guide for Certificate of Cloud Auditing Knowledge (CCAK) Exam
Official Study Guide
This guide will help you gain insight into these aspects of auditing cloud computing systems and will serve as an excellent resource for preparing for the CCAK test.
Online Self-Paced Training
The Cloud Security Alliance, a global leader in cloud security best practices, developed the CCAK online review course in partnership with ISACA, an international professional organization devoted to IT audit, security, cybersecurity, privacy, risk, and governance. It features interactive graphics and knowledge-based questions, as well as a self-paced mode of learning that supports learners in:
- Following a recommended structure for exam preparation
- Revisiting specific areas for further study
- Starting and stopping the course as needed, picking up exactly where they left off
- Using flashcards, memory games, and crosswords for testing their understanding of the topics
Virtual Instructor-Led Training (VILT)
Through VILT sessions, you will be able to learn from highly qualified and experienced instructors in an online classroom. During these sessions, you will engage in interactive lectures and demonstrations that enhance your knowledge and prepare you for exams.
CCAK-Related Study Materials
This file includes the following documents:
- Consensus Assessments Initiative Questionnaire (CAIQ) v3.1
- Cloud Controls Matrix (CCM) v3.0.1
- Top Threats to Cloud Computing Deep Dive (2018)
- Value of STAR for Cloud Customers
Evaluate Yourself with Practice Tests
Once you have completed all the training courses and documentation above, your final step in preparation should be to take the CCAK practice exams. Our goal at Testprep Training is to make your study experience as convenient as possible. Practice exams are one of the most important steps before taking the exam, and it is highly recommended that you take as many practice tests as you can.