Certificate of Cloud Auditing Knowledge

SKU: CCAK

368.010 kr.

To provide knowledge on cloud security assessment methods and techniques, and to assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance and ISACA.

The CCAK course is designed to cover the following five core areas of focus:

  • Cloud governance
  • Cloud compliance
  • Cloud auditing
  • Cloud assurance
  • CSA tools

The CCAK course prepares you for the CCAK exam and provides expanded material and hands-on exercises to grow your practical knowledge of auditing cloud computing systems. The CCAK course is divided into nine modules that cover the essential principles of auditing cloud computing systems.

MODULE 1 – Cloud Governance
MODULE 2 – Cloud Compliance Program
MODULE 3 – CCM and CAIQ Goals, Objectives and Structure
MODULE 4 – A Threat Analysis Methodology for Cloud Using CCM
MODULE 5 – Evaluating a Cloud Compliance Program
MODULE 6 – Cloud Auditing
MODULE 7 – CCM: Auditing Controls
MODULE 8 – Continuous Assurance and Compliance
MODULE 9 – STAR Program

Forkröfur

There are no prerequisites.

Nemandi mun læra eftirfarandi

  • Demonstrate key concepts of cloud governance and the role of assurance, transparency and accountability in the cloud.
  • Explain cloud risk management and the application of cloud governance tools .
  • Devise the designing, building and evaluating of a cloud compliance program based on laws, regulations and regulatory standards .
  • Apply control objectives, technical and process controls, security metrics and relate them to cloud control frameworks, certification, attestation and authorisations.
  • Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.
  • Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix .
  • Discuss the impact of continuous assurance and auditing, cloud automation, native development and integration models on auditing and compliance .
  • Describe the role of the CSA STAR Program.

Samantekt

MODULE 1 – Cloud Governance

  • Overview of governance
  • Cloud assurance
  • Cloud governance frameworks
  • Cloud risk management
  • Cloud governance tools

MODULE 2 – Cloud Compliance Program

  • Designing a cloud compliance program
  • Building a cloud compliance program

Legal and regulatory requirements
Standards and security frameworks
Identifying controls and measuring effectiveness
CSA certification, attestation and validation

MODULE 3 – CCM and CAIQ Goals, Objectives and Structure

CCM
CAIQ
Relationship to standards: mappings and gap analysis
Transition from CCM V3.0.1 to CCM V4

MODULE 4 – A Threat Analysis Methodology for Cloud Using CCM

  • Definitions and purpose
  • Attack details and impacts
  • Mitigating controls and metrics
  • Use case

MODULE 5 – Evaluating a Cloud Compliance Program

  • Evaluation approach
  • A governance perspective
  • Legal, regulatory and standards perspectives
  • Risk perspectives
  • Services changes implications
  • The need for continuous assurance/continuous compliance

MODULE 6 – Cloud Auditing

  • Audit characteristics, criteria & principles
  • Auditing standards for cloud computing
  • Auditing an on-premises environment vs. cloud
  • Differences in assessing cloud services and cloud delivery models
  • Cloud audit building, planning and execution

MODULE 7 – CCM: Auditing Controls

  • CCM audit scoping guidance
  • CCM risk evaluation guide
  • CCM audit workbook
  • CCM an auditing example

MODULE 8 – Continuous Assurance and Compliance

  • DevOps and DevSecOps
  • Auditing CI/CD pipelines
  • DevSecOps automation and maturity

MODULE 9 – STAR Program

  • Standard for security and privacy
  • Open Certification Framework
  • STAR Registry
  • STAR Level 1
  • STAR Level 2
  • STAR Level 3