Certificate of Cloud Auditing Knowledge CCAK Eğitimi

There are no prerequisites.

• Demonstrate key concepts of cloud governance and the role of assurance, transparency and accountability in the cloud.
• Explain cloud risk management and the application of cloud governance tools .
• Devise the designing, building and evaluating of a cloud compliance program based on laws, regulations and regulatory standards .
• Apply control objectives, technical and process controls, security metrics and relate them to cloud control frameworks, certification, attestation and authorisations.
• Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.
• Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix .
• Discuss the impact of continuous assurance and auditing, cloud automation, native development and integration models on auditing and compliance .
• Describe the role of the CSA STAR Program.

MODULE 1 - Cloud Governance

• Overview of governance
• Cloud assurance
• Cloud governance frameworks
• Cloud risk management
• Cloud governance tools

MODULE 2 - Cloud Compliance Program

• Designing a cloud compliance program
• Building a cloud compliance program

Legal and regulatory requirements
Standards and security frameworks
Identifying controls and measuring effectiveness
CSA certification, attestation and validation

MODULE 3 - CCM and CAIQ Goals, Objectives and Structure

CCM
CAIQ
Relationship to standards: mappings and gap analysis
Transition from CCM V3.0.1 to CCM V4

MODULE 4 - A Threat Analysis Methodology for Cloud Using CCM

• Definitions and purpose
• Attack details and impacts
• Mitigating controls and metrics
• Use case

MODULE 5 - Evaluating a Cloud Compliance Program

• Evaluation approach
• A governance perspective
• Legal, regulatory and standards perspectives
• Risk perspectives
• Services changes implications
• The need for continuous assurance/continuous compliance

MODULE 6 - Cloud Auditing

• Audit characteristics, criteria & principles
• Auditing standards for cloud computing
• Auditing an on-premises environment vs. cloud
• Differences in assessing cloud services and cloud delivery models
• Cloud audit building, planning and execution

MODULE 7 - CCM: Auditing Controls

• CCM audit scoping guidance
• CCM risk evaluation guide
• CCM audit workbook
• CCM an auditing example

MODULE 8 - Continuous Assurance and Compliance

• DevOps and DevSecOps
• Auditing CI/CD pipelines
• DevSecOps automation and maturity

MODULE 9 - STAR Program

• Standard for security and privacy
• Open Certification Framework
• STAR Registry
• STAR Level 1
• STAR Level 2
• STAR Level 3