Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CCAK Frequently Asked Questions

Published 03/02/2021

CCAK Frequently Asked Questions
What is the Certificate of Cloud Auditing Knowledge?

The Certificate of Cloud Auditing Knowledge (CCAK) is a credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing cloud computing systems. This credential leverages CSA’s cloud expertise and ISACA’s traditional audit expertise, combining our know-how and expertise to develop and deliver the best possible solution for cloud auditing education.

How is this certification program different from other IT audit certification programs?

Traditional IT audit education and certification programs have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. The CCAK provides a body of knowledge to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately as to the effectiveness of cloud security controls.

Who should obtain the CCAK?

The CCAK is designed to provide CISOs, security and compliance managers, internal and external auditors and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services. Job roles the CCAK is relevant for include:

  • (Cloud) Security third-party auditors
  • (Cloud) Security internal auditors
  • CISO
  • Chief Privacy Officers
  • Data Protection Officer
  • Compliance Manager
  • Vendor/Partners Program Manager
  • Procurement Officers
  • CSA STAR Program Auditors/Assessors (STAR Certification, STAR Attestation)
  • CSA Code of Conduct assessors
  • Security and Privacy Consultants

What are the benefits for an auditor earning the CCAK?

Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned and the new shared responsibility model means that IT audit must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure.

Are there any prerequisites before attempting to earn the CCAK?

No, however since the CCAK assumes a working knowledge of cloud security best practices, we strongly recommend that you earn your Certificate of Cloud Security Knowledge (CCSK) before pursuing the CCAK.

How will the CCAK relate to the CCSK?

The Certificate of Cloud Security Knowledge (CCSK) is Cloud Security Alliance’s flagship industry credential, created in 2010. The CCAK and CCSK will be complementary by their very nature. The CCSK provides the knowledge enabling an expert to secure cloud systems that will be successfully scrutinized by an expert holding the CCAK. In many cases, an industry professional will be well served by obtaining both certificates.

Is the CCAK a viable substitute for other industry certifications, including the CCSK?

No. The CCAK is unique in the industry and will help to fill the skills gap that will help keep the cloud ecosystem more secure.

Are there any plans to “grandfather” individuals with other certifications into the CCAK program?

No. The CCAK is not a user accreditation, but a certificate of knowledge for a specific topic. Grandfathering would not serve the purpose of encouraging competency in cloud security best practices.

Which other certifications does the CCAK complement?

The CCAK leverages ISACA's traditional audit expertise and CSA's cloud expertise and complements:

  • ISACA's ANSI accredited certifications such as CISA, CISM, CRISC and CGEIT
  • FedRAMP 3PAO Assessor, PCI-DSS Qualified Security Assessor, ISO 27001 Leader Auditor credentials
  • CSA’s Certificate of Cloud Security Knowledge (CCSK).
What is the price of the CCAK?
  • Non-Member: $495
  • Member: $395
When will the exam be available?

The exam will be available on March 22nd. We recommend you prepare to take and pass the exam in advance by purchasing the study guide.

When will training be available?

The training for the CCAK will be released in Q2 of 2021. The following formats will be available:

  • Online Self-Paced
  • Virtual Instructor Led
  • In-Person
How much does the CCAK Study Guide cost? Where can I purchase it?

You can purchase the official exam study guide at the ISACA bookstore here.

  • Member Price: $59.00
  • Non-Member Price: $70.00

CSA Corporate Members can receive bulk discounts on the CCAK exam, trainings and preparation materials. Contact [email protected] to learn more.

What topics does the CCAK Study Guide cover?

The CCAK study guide covers several existing familiar components from the Cloud Security Alliance. Below are a list of the topics covered in the Official CCAK Study Guide:

  • Cloud Governance
  • Cloud Compliance Program
  • Introduction to the CCM and CAIQ
  • A Threat Analysis Methodology for Cloud Using the CCM
  • Cloud Auditing
  • Evaluating a Cloud Compliance Program
  • CCM Auditing Guidelines
  • Continuous Assurance and Compliance
  • Security Trust Assurance and Risk (STAR) Program

Watch our CCAK LinkedIn Live Recording!

Interested in learning more about the CCAK? Watch the recording of our LinkedIn Live event that streamed on March 2nd. During this event Daniele Catteddu, CTO at Cloud Security Alliance and Paul Philips, Technical Research Manager, ISACA discussed how to establish cloud audit expertise.

Share this content on your favorite social network today!