The Cloud Security
Alliance (CSA) and ISACA announced the
availability of the Certificate of Cloud
Auditing Knowledge (CCAK), the first credential available for industry
professionals to demonstrate their expertise in the essential principles of
auditing the security of cloud computing systems.

Developed by CSA and ISACA, the CCAK credential and training program fills
the need for vendor-neutral, technical training and credentials in cloud
auditing. By building on the body of knowledge covered in CSA's Certificate of Cloud
Security Knowledge (CCSK) and complementing ISACA's ANSI-accredited certifications, CCAK delivers the best
possible solution for cloud assessment and auditing education by preparing IT
and security professionals to ensure the internal requirements are fulfilled
and the right controls are in place; mitigate the risks and costs of audit
management, as well as penalties for non-compliance; and lead their
organization through successful cloud migration while retaining customer trust.

"The historic shift to cloud has created a new technology foundation for
our global economy. Trusting this computing infrastructure is one of our most
fundamental challenges. The introduction of the Certificate of Cloud Auditing
Knowledge (CCAK) is an important milestone in delivering the necessary
expertise to enable professionals to objectively evaluate critical cloud
assurance issues. Cloud Security Alliance is proud of our collaboration with ISACA
to create this high-quality credential which will be leveraged by individuals,
businesses and regulatory bodies around the world to raise the baseline of
security, governance and compliance in cloud computing," said CSA Chief
Technology Officer Daniele Catteddu.

"Cloud, while not an emerging technology, is still new for many
organizations. As such, there tends to be a lack of internal knowledge and
effective auditing among leaders and staff. Enterprises need to understand the
hurdles as they attempt to migrate to the cloud to make sure the issues are
adequately addressed. CSA and ISACA decided to collaborate to ensure that
companies had the right tools and expertise to successfully migrate to the
cloud," said ISACA Technical Research Manager Paul Phillips, CISA, CISM, CDPSE.

The CCAK curriculum addresses the main areas where the largest skills gaps
exist, namely cloud governance, cloud compliance, cloud auditing, and cloud
assurance. It also provides practical tools that bolster each of the four
areas, with the goal of driving students to design a cloud compliance program
based on a set of key questions and then measuring the program's effectiveness.

Topics covered include:

- Building and executing a cloud audit plan and applying auditing as an assurance tool
- The impact of cloud automation, native development, and integration models on auditing and compliance
- Key concepts and tools of cloud governance and risk management
- Designing and building a cloud compliance program
- Compliance requirements, control objectives and frameworks, certification, attestation, and authorizations

Those interested in taking the exam, which consists of 76 multiple-choice
questions, can choose from an array of study options, ranging from the Certificate of Cloud
Auditing Knowledge Study Guide/Body of Knowledge ($59 for members/$70 for
non-members) to an online, self-paced study course with 16+ CPE credits
(available late April). Other study and exam-prep options include a 2-day
instructor-led virtual course (available March 22) and an item bank, featuring
study games and sample questions, which will be made available in Q2 2021.
The CCAK exam cost is $395 (CSA and ISACA members) and $495 (non-members). A
link to purchase the exam can be found at https://ccsk.cloudsecurityalliance.org/en?_ga=2.227886040.454484037.1616420368-2093560876.1585916278