Course Overview
The Certificate of Cloud Auditing Knowledge (CCAK) course provides the knowledge and skills required to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance. This program was developed by the Cloud Security Alliance, the global leader in cloud security best practices, in partnership with ISACA.
Course Outcomes
- Assess and audit cloud environments versus traditional IT infrastructure & services.
- Use cloud security assessment methods and techniques to evaluate a cloud service prior to and during the provision of the service.
- Understand how existing governance policies and frameworks are affected by the introduction of cloud into the ecosystem.
- Understand the unique requirements of compliance in the cloud due to shared responsibility between cloud providers and customers.
- Learn how to use a cloud-specific security controls framework to ensure security within an organization.
- Measure control effectiveness through metrics.
Who Should Attend?
Anyone who is setting up systems, performing audits or is the target of an audit. Specific job roles include:
- Third Party Assessors and Auditors
- Internal and External Assessors and Auditors
- Teams in the offices of CISOs and Information Security Officers
- Compliance Managers
- Vendor/Partners Program Managers
- Procurement Officers
Course Outline:
Cloud Governance
- An Overview of Governance
- Cloud Assurance
- Cloud Governance Frameworks
- Cloud Risk Management
- Cloud Governance Tools
Cloud Compliance Program
- Designing a Cloud Compliance Program
- Building a Cloud Compliance Program
- Legal & Regulatory Requirements
- Standards & Security Frameworks
- Identifying Controls & Measuring Effectiveness
- CSA Certification, Attestation, & Validation
CCM and CAIQ Goals, Objectives & Structure
- CCM
- CAIQ
- Relationship to Standards: Mappings & Gap Analysis
- Transition from CCM V3.0.1 to CCM V4
Threat Analysis Methodology for Cloud using CCM
- Definitions & Purpose
- Attack Details & Impacts
- Mitigating Controls & Metrics
- A Use Case
Evaluating a Cloud Compliance Program
- Evaluation Approach
- A Governance Perspective
- Legal, Regulatory & Standards Perspectives
- Risk Perspectives
- Services Changes Implications
- The Need for Continuous Assurance/Continuous Compliance
Cloud Auditing
- Audit Characteristics, Criteria & Principles
- Auditing Standards for Cloud Computing
- Auditing an On-Premises Environment vs. Cloud
- Differences in Assessing Cloud Services & Cloud Delivery Models
- Cloud Audit Building, Planning & Execution
CCM Auditing Controls
- CCM Audit Scoping Guidance
- CCM Risk Evaluation Guide
- CCM Audit Workbook
- CCM an Auditing Example
Continuous Assurance & Compliance
- DevOps and DevSecOps
- Auditing CI/CD Pipelines
- DevSecOps Automation and Maturity
STAR Program
- Standard for Security and Privacy
- Open Certification Framework
- STAR Registry
- STAR Level 1
- STAR Level 2
- STAR Level 3
Prerequisites
To succeed in this course, you should have some foundational education or experience in cybersecurity.
