Certificate of Cloud Auditing Knowledge
Training formats
Duration
3 days
Price
25970 kr
To provide knowledge on cloud security assessment methods and techniques, and to assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance and ISACA.
The CCAK course is designed to cover the following five core areas of focus:
- Cloud governance
- Cloud compliance
- Cloud auditing
- Cloud assurance
- CSA tools
The CCAK course prepares you for the CCAK exam and provides expanded material and hands-on exercises to grow your practical knowledge of auditing cloud computing systems. The CCAK course is divided into nine modules that cover the essential principles of auditing cloud computing systems.
MODULE 1 - Cloud Governance
MODULE 2 - Cloud Compliance Program
MODULE 3 - CCM and CAIQ Goals, Objectives and Structure
MODULE 4 - A Threat Analysis Methodology for Cloud Using CCM
MODULE 5 - Evaluating a Cloud Compliance Program
MODULE 6 - Cloud Auditing
MODULE 7 - CCM: Auditing Controls
MODULE 8 - Continuous Assurance and Compliance
MODULE 9 - STAR Program
- Demonstrate key concepts of cloud governance and the role of assurance, transparency and accountability in the cloud.
- Explain cloud risk management and the application of cloud governance tools.
- Design, build and evaluate a cloud compliance program based on laws, regulations and regulatory standards.
- Apply control objectives, technical and process controls, security metrics and relate them to cloud control frameworks, certification, attestation and authorisations.
- Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.
- Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix.
- Discuss the impact of continuous assurance and auditing, cloud automation, native development and integration models on auditing and compliance.
- Describe the role of the CSA STAR Program.
There are no prerequisites.
MODULE 1 - Cloud Governance
- Overview of governance
- Cloud assurance
- Cloud governance frameworks
- Cloud risk management
- Cloud governance tools
MODULE 2 - Cloud Compliance Program
- Designing a cloud compliance program
- Building a cloud compliance program
- Legal and regulatory requirements
- Standards and security frameworks
- Identifying controls and measuring effectiveness
- CSA certification, attestation and validation
MODULE 3 - CCM and CAIQ Goals, Objectives and Structure
- CCM
- CAIQ
- Relationship to standards: mappings and gap analysis
- Transition from CCM V3.0.1 to CCM V4
MODULE 4 - A Threat Analysis Methodology for Cloud Using CCM
- Definitions and purpose
- Attack details and impacts
- Mitigating controls and metrics
- Use case
MODULE 5 - Evaluating a Cloud Compliance Program
- Evaluation approach
- A governance perspective
- Legal, regulatory and standards perspectives
- Risk perspectives
- Services changes implications
- The need for continuous assurance/continuous compliance
MODULE 6 - Cloud Auditing
- Audit characteristics, criteria & principles
- Auditing standards for cloud computing
- Auditing an on-premises environment vs. cloud
- Differences in assessing cloud services and cloud delivery models
- Cloud audit building, planning and execution
MODULE 7 - CCM: Auditing Controls
- CCM audit scoping guidance
- CCM risk evaluation guide
- CCM audit workbook
- CCM: an auditing example
MODULE 8 - Continuous Assurance and Compliance
- DevOps and DevSecOps
- Auditing CI/CD pipelines
- DevSecOps automation and maturity
MODULE 9 - STAR Program
- Standard for security and privacy
- Open Certification Framework
- STAR Registry
- STAR Level 1
- STAR Level 2
- STAR Level 3