The Cloud Security Alliance (CSA) and ISACA have announced the availability of the first credential for auditing the security of cloud security systems.
The introduction of the Certificate of Cloud Auditing Knowledge (CCAK) comes amid a huge surge in the adoption of the cloud in the past year, as organizations scrambled to facilitate mass remote working.
Developed by the CSA and ISACA, the CCAK credential and training program aims to prepare IT and security professionals to ensure internal requirements are fulfilled and the right controls are in place when assessing cloud systems. It also teaches how to mitigate the risks and costs of audit management, avoid penalties for non-compliance and lead an organization through successful cloud migration while retaining customer trust.
The four topics the CCAK curriculum focuses on are cloud governance, cloud compliance, cloud auditing and cloud assurance, with these areas supported through practical tools.
There are a range of study and exam prep options for industry professionals, including an online, self-paced course and a two-day instructor-led virtual course. The exam consists of 76 multiple-choice questions.
The program builds on the knowledge covered in the CSA’s Certificate of Cloud Security Knowledge (CCSK) as well as complementing ISACA’s ANSI accredited certifications.
CSA chief technology officer, Daniele Catteddu commented: “The historic shift to cloud has created a new technology foundation for our global economy. Trusting this computing infrastructure is one of our most fundamental challenges. The introduction of the CCAK is an important milestone in delivering the necessary expertise to enable professionals to objectively evaluate critical cloud assurance issues. CSA is proud of our collaboration with ISACA to create this high quality credential which will be leveraged by individuals, businesses and regulatory bodies around the world to raise the baseline of security, governance and compliance in cloud computing.”
Paul Phillips, CISA, CISM, CDPSE, technical research manager at ISACA, said: “Cloud, while not an emerging technology, is still new for many organizations. As such, there tends to be lack of internal knowledge and effective auditing among leaders and staff. Enterprises need to understand the hurdles as they attempt to migrate to the cloud to make sure the issues are adequately addressed. CSA and ISACA decided to collaborate to ensure that companies had the right tools and expertise to successfully migrate to the cloud.”
The certification has been developed for the following roles: internal and external assessors and auditors, third party assessors and auditors, CISOs and information security officers, chief privacy officers, data protection officers, security and privacy consultants, compliance managers, vendor/partners program managers and procurement officers.