The Certificate of Cloud Auditing Knowledge (CCAK) is here! Created by the Cloud Security Alliance (CSA) and ISACA, it is the first credential that is focused on the essential principles of auditing cloud applications.
Though the key word in the title is Auditing, the real scope is a bit broader, as it really focuses on establishing a scalable cloud risk management and governance program.
This long-awaited program will fill a real gap in the market, in particular for professionals who are involved in cloud risk management and audits, such as auditors, risk assessors, CISOs, and governance professionals. Another group of professionals who will benefit is security architects. This program, and its suggested prerequisite CCSK, are also great opportunities for keeping up CPE (Continuing Professional Education) points.
The CCAK course is designed to cover the following 5 core areas of focus:
- Cloud Governance
- Cloud Compliance
- Cloud Auditing
- Cloud Assurance
- CSA Tools: CCM, CAIQ, and STAR Program
The course contains the following modules:
- An overview of cloud governance, frameworks, and cloud governance tools
- Cloud compliance program: designing and building
- CCM and CAIQ Goals, Objectives, & Structure
- A Threat Analysis Methodology For Cloud using CCM
- Evaluating a Cloud Compliance Program
- Cloud Auditing
- CCM: Auditing Controls
- Continuous Assurance and Compliance including DevSecOps
- STAR Program
Prerequisites: according to CSA, this course assumes some working knowledge of cloud and cloud security. It also assumes some basic understanding of IT risk and audit. CCAK is a perfect complement to CCSK or CISA. More information is available on the CSA website.
The next (online) course starts on Sept 13th, 2022, and is organized as a series of 5 online workshops. Between the workshops, there will be some preparation. Each workshop consists of lectures and some quizzes and exercises.
CCAK8 is a public open enrollment course. This runs over 5 sessions of 4 hours. The dates and times are Sept 13, 14, 15, 20, 21, 22, 2022 (which includes 1 spare day). The workshops run between 1 pm and 5 pm Central European Summer Time (Amsterdam/Paris), which is 7 am – 11 am New York Time. Planned coverage is as follows. Day 1: chapter 1, Day 2: chapter 2; Day 3: chapters 3-5; Day 4: chapters 6-7; Day 5: chapters 8-9 and review.
More information on the program and the timing is here.
The next workshops are being planned for early 2023.
The CCAK is an online, proctored exam that contains 76 multiple-choice questions. The exam lasts two hours and the passing score is 70%. No annual renewals or CPEs are required. The exam tests understanding of a 410-page study guide. For more information, see the FAQ below.
The fee for this online course is € 2200, including the exam, exam training, and lifetime access to all my CCAK online workshops and courseware. The ISACA materials are online and available for a year.
My courseware has additional material to:
- fill in knowledge gaps
- reiterate material that is also in CCAK
- help to apply CCAK in the day job.
If you are ready to register, go here to secure your place.
If you want to stay up to date and want to register later, you can leave your contact details below (no commitment). I will send you a message with a brief FAQ. Feel free to use the chatbot to enter any questions, suggestions, or other comments.
How hard is the exam?
We don’t know yet. It has 76 multiple-choice questions and you have two hours to answer them.
How much time will it take to pass the exam?
The study guide should have all the material to study. At 410 pages and 3 minutes per page, this should take you over 20 hours.
If you participate in the online sessions, that is another 20 hours.
The exam itself will take you 2 hours.
A very optimistic estimate is therefore 42 hours. In reality, you would probably double or triple that, depending on your background.
And remember, CCSK or equivalent is assumed knowledge.