CCAK: Certificate of Cloud Auditing Knowledge

With the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program, the Cloud Security Alliance® and ISACA® are partnering to develop the first credential designed for industry professionals to demonstrate their understanding of the fundamental principles of cloud computing auditing. The CCAK aims to create a common understanding of cloud auditing. The approach to meeting control objectives differs when an organization is using cloud computing. The security controls employed by a cloud tenant will be beyond those of a traditional IT audit since cloud tenants will not have the same administrative access as legacy IT tenants.

Who Should Earn the CCAK?

A CCAK certificate would be helpful to anyone who sets up systems, performs audits, or is audited, particularly:

  • Internal and External Assessors and Auditors
  • Compliance Managers
  • Third Party Assessors and Auditors
  • Vendor/Partners Program Managers
  • Security Analysts & Architects
  • Procurement Officers
  • Cybersecurity Lead/Architect
  • Security and Privacy Consultants

Prerequisites

There are no prerequisites to take the CCAK exam. It is recommended, however, that you earn the Certification of Cloud Security Knowledge (CCSK) before pursuing the CCAK, since the CCAK assumes you have a working knowledge of cloud security best practices.

What will you learn when you earn the CCAK?

  • Assessment: Understand how cloud environments and IT infrastructure & services are different from traditional environments.
  • Evaluation: Identify methods and techniques for evaluating cloud services before and during their provision using cloud security assessment methods and techniques.
  • Governance: Explore the impact of the cloud on governance policies and frameworks.
  • Compliance: Comprehend the unique compliance requirements in the cloud, where cloud providers and customers share the responsibility.
  • Internal Security: Develop a framework for ensuring the security of your organization using cloud-specific security controls.
  • Continuous Monitoring: Implement metrics that enable continuous monitoring so that control effectiveness can be measured.

Exam Format

The CCAK exam consists of 76 multiple-choice questions, and the exam duration is 2 hours. Once you finish, you get a preliminary score immediately, and your score is verified within 10 days after the exam date.

Course Outline

The Certificate of Cloud Auditing Knowledge (CCAK) exam covers the following modules:

MODULE 1 – Cloud Governance

  • Overview of governance
  • Cloud assurance
  • Cloud governance frameworks
  • Cloud risk management
  • Cloud governance tools

MODULE 2 – Cloud Compliance Program

  • Designing a cloud compliance program
  • Building a cloud compliance program
  • Legal and regulatory requirements
  • Standards and security frameworks
  • Identifying controls and measuring the effectiveness
  • CSA certification, attestation, and validation

MODULE 3 – CCM and CAIQ Goals, Objectives, and Structure

  • CCM
  • CAIQ
  • Relationship to standards: mappings and gap analysis
  • The transition from CCM V3.0.1 to CCM V4

MODULE 4 – A Threat Analysis Methodology for Cloud Using CCM

  • Definitions and purpose
  • Attack details and impacts
  • Mitigating controls and metrics
  • Use case

MODULE 5 – Evaluating a Cloud Compliance Program

  • Evaluation approach
  • A governance perspective
  • Legal, regulatory, and standards perspectives
  • Risk perspectives
  • Services changes implications
  • The need for continuous assurance/continuous compliance

MODULE 6 – Cloud Auditing

  • Audit characteristics, criteria & principles
  • Auditing standards for cloud computing
  • Auditing an on-premises environment vs. cloud
  • Differences in assessing cloud services and cloud delivery models
  • Cloud audit building, planning, and execution

MODULE 7 – CCM: Auditing Controls

  • CCM audit scoping guidance
  • CCM risk evaluation guide
  • CCM audit workbook
  • CCM: an auditing example

MODULE 8 – Continuous Assurance and Compliance

  • DevOps and DevSecOps
  • Auditing CI/CD pipelines
  • DevSecOps automation and maturity

MODULE 9 – STAR Program

  • The standard for security and privacy
  • Open Certification Framework
  • STAR Registry
  • STAR Level 1
  • STAR Level 2
  • STAR Level 3

Preparation Guide for Certificate of Cloud Auditing Knowledge (CCAK) Exam

Official Study Guide

This guide will help you gain insight into these aspects of auditing cloud computing systems and will serve as an excellent resource for preparing for the CCAK test.

Online Self-Paced Training

A global leader in cloud security best practices, Cloud Security Alliance developed the CCAK online review course in partnership with ISACA, an international professional organization devoted to IT audit, security, cybersecurity, privacy, risk, and governance. It features interactive graphics and knowledge-based questions, as well as a self-paced mode of learning that supports learners in:

  • Following a recommended structure for exam preparation
  • Revisiting specific areas for further study
  • Starting and stopping the course as needed, picking up exactly where they left off
  • Using flashcards, memory games, and crosswords for testing their understanding of the topics

Virtual Instructor-Led Training (VILT)

You will be able to learn from highly qualified and experienced instructors in an online classroom through VILT sessions. During these sessions, you will engage in interactive lectures and demonstrations to enhance your knowledge and prepare you for exams.

CCAK-Related Study Materials

This file includes the following documents:

Evaluate Yourself with Practice Tests

Your final step in preparation should be to take the CCAK practice exams once you have completed all the above training courses and documentation. Our goal at Testprep Training is to make your study experience as convenient as possible. Practice exams are one of the most important steps to take before the exam, and it is highly recommended that you take as many practice tests as you can.
