Certificate of Cloud Auditing Knowledge (CCAK)

• Overview of governance
• Cloud assurance
• Cloud governance frameworks
• Cloud risk management
• Cloud governance tools

• Designing a cloud compliance program
• Building a cloud compliance program
• Legal and regulatory requirements
• Standards and security frameworks
• Identifying controls and measuring effectiveness
• CSA certification, attestation and validation

• CCM
• CAIQ
• Relationship to standards: mappings and gap analysis
• Transition from CCM V3.0.1 to CCM V4

• Definitions and purpose
• Attack details and impacts
• Mitigating controls and metrics
• Use case

• Evaluation approach
• A governance perspective
• Legal, regulatory and standards perspectives
• Risk perspectives
• Services changes implications
• The need for continuous assurance/continuous compliance

• Audit characteristics, criteria & principles
• Auditing standards for cloud computing
• Auditing an on-premises environment vs. Cloud
• Differences in assessing cloud services and cloud delivery models
• Cloud audit building, planning and execution

• CCM audit scoping guidance
• CCM risk evaluation guide
• CCM audit workbook
• CCM an auditing example

• DevOps and DevSecOps
• Auditing CI/CD pipelines
• DevSecOps automation and maturity

• Standard for security and privacy
• Open Certification Framework
• STAR Registry
• STAR Level 1
• STAR Level 2
• STAR Level 3

A cloud audit is a periodic examination an organization does to assess and document its cloud vendor's performance. The goal of such audit is to see how well a cloud vendor is doing in meeting a set of established controls and best practices.

The internal audit role in cloud computing

Through its key role as assurance provider, internal audit (IA) is well positioned to help management as well as the Board identify key risks related to Cloud. IA can assist the business in determining whether those risks are being appropriately mitigated.

The three key areas of auditing are change control process, operation visibility, & incident response

Cloud, Clusters, Containers, and Code are the four pillars of cloud native security. Note: The defence in depth computing approach to security, which is widely considered as a best practise for protecting software systems, is supplemented by this layered strategy.

A: To attend the training session you should have an operational Desktops or Laptops with required specification along with good internet connection to access the labs. 

A: We would always recommend you to attend the live session to practice & clarify the doubts instantly and get more value from your investment. However, if due to some contingency if you have to skip the class Radiant Techlearning would help you with the recorded session of that particular day. However, those recorded sessions are not meant only for personal consumption and NOT for distribution or any commercial use.

A: Radiant Techlearning has a data center containing the Virtual Training environment for the purpose of participant’s hand-on-practice. 

Participants can easily access these labs over Cloud with the help of remote desktop connection. 

Radiant virtual labs provides you the flexibility to learn from anywhere in the world and in any time zone. 

A: The learners will be enthralled as we engage them the real world and industry Oriented projects during the training program. These projects will improve your skills and knowledge and you will gain better experience. These real time projects, they will help you a lot in your future tasks and assignments.