The Cloud Security Alliance (CSA) and ISACA have launched the Certificate of Cloud Auditing Knowledge, the global, vendor-neutral, technical credential for auditing in the cloud environment. CCAK is developed for competent technical professionals who can help organizations mitigate risks and optimize ROI in the cloud. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information, security, governance, assurance, risk, and privacy to drive innovation through technology.
The CCAK curriculum
The CCAK credential builds on the body of knowledge covered in CSA’s Certificate of Cloud Security Knowledge (CCSK) and complements ISACA’s ANSI-accredited certifications including the Certified Information Systems Auditor (CISA).
CSA Chief Technology Officer Daniele Catteddu said,
“The historic shift to cloud has created a new technology foundation for our global economy. Trusting this computing infrastructure is one of our most fundamental challenges. The introduction of the Certificate of Cloud Auditing Knowledge (CCAK) is an important milestone in delivering the necessary expertise to enable professionals to objectively evaluate critical cloud assurance issues. Cloud Security Alliance is proud of our collaboration with ISACA to create this high-quality credential which will be leveraged by individuals, businesses and regulatory bodies around the world to raise the baseline of security, governance and compliance in cloud computing.”
The CCAK curriculum addresses the main areas where the largest skills gaps exist, namely cloud governance, cloud compliance, cloud auditing and cloud assurance. It also provides practical tools to design a cloud compliance program based on a set of key questions. Here are the topics of the program:
- Building and executing a cloud audit plan and applying auditing as an assurance tool
- The impact of cloud automation, native development, and integration models on auditing and compliance
- Key concepts and tools of cloud governance and risk management
- Designing and building a cloud compliance program
- Compliance requirements, control objectives and frameworks, certification, attestation, and authorizations
Those interested in taking the exam, which consists of 76 multiple-choice questions, can choose from an array of study options, ranging from the Certificate of Cloud Auditing Knowledge Study Guide/Body of Knowledge ($59 for members/$70 for non-members) to an online, self-paced study course with 16+ CPE credits (available late April). Other study and exam-prep options include a two-day instructor-led virtual course (available today) and a sample item bank, featuring study games, which will be made available in Q2 2021.