• Vendor: ISACA Authorized
  • Class: 4 Days
  • Voucher: Yes
  • Certification: CCAK Certified
  • Exam Method: Virtual Exam
  • 4 Days
  • Stafford VA or Zoom

Class Is Recorded with Unlimited Access for 90-Days

We Coach Until You Pass

100 % Exam Pass Guarantee

12-Additional Hours of Exam Review at No Charge

CCAK Overview

Welcome to ISACA’s Certificate of Cloud Auditing Knowledge, or CCAK, training and certification course. Are you considering CCAK Certification? This course prepares students to pass the certification exam and be recognized among the world’s most qualified information security cloud professionals. The CCAK program at 327 Solutions is an ISACA Authorized Event. 327 Solutions is an ISACA Authorized Training Organization (ATO). Our training utilizes the latest courseware and exam prep material in the market, delivered by ISACA Authorized Trainers, and uses 327 Solutions Persistent Training Environment. When you take a training program with 327, we will record your event, and after class, you’ll have access to your training for 3-months after we turn your event into eLearning, along with live exam review and mentoring.

The course covers all nine CCAK domains. BONUS! In our program, you’ll also learn FedRAMP and FISMA regulatory oversights related to CCAK and cloud compliance.


  1. Pass your exam, guaranteed (if you don’t pass, you’ll be coached until you do)
  2. Intensive Authorized Virtual-Live & Live Training (online live sessions on Zoom)
  3. YOUR live class is recorded and turned into eLearning with 3-months access via the student portal
  4. Access mock exams, exam prep, and assessments to ensure you are ready to test


Domain 1 - Cloud Governance

In this module, you will learn about the basics of cloud governance, including:  

  • Assurance 
  • Governance Frameworks 
  • Risk Management 
  • Governance Tools 

Domain 2 - Cloud Compliance Program

In this module, you will learn:

  • How to design and build a Cloud Compliance Program
  • Legal and regulatory requirements
  • Standards and security frameworks
  • How to identify controls and measure effectiveness
  • CSA certification, attestation, and validation

Domain 3 - CCM and CAIQ Goals, Objectives, and Structure

In this module, you will learn about:

  • The CSA Cloud Controls Matrix (CCM)
  • The Consensus Assessments Initiative Questionnaire (CAIQ)
  • The relationship to standards: mappings and gap analysis
  • The transition from CCM V3.0.1 to CCM V4

Domain 4 - Threat Analysis Methodology for Cloud Using CCM

In this module, you will learn about:

  • Definitions and purpose
  • Attack details and impacts
  • Mitigating controls and metrics

Domain 5 - Evaluating a Cloud Compliance Program

In this module, you will learn:

  • Governance perspectives
  • Legal, regulatory, and standards perspectives
  • Risk perspectives
  • Services changes implications
  • The need for continuous assurance/continuous compliance

Domain 6 - Cloud Auditing

In this module, you will learn how to:

  • Audit characteristics, criteria, and principles
  • Audit standards for cloud computing
  • Audit an on-premises environment vs. cloud
  • Pinpoint the differences in assessing cloud services vs. cloud delivery models
  • Build, plan, and execute a cloud audit

Domain 7 - CCM Auditing Controls

In this module, you will learn about:

  • Audit scoping guidance
  • Risk evaluation guide
  • Using an audit workbook

Domain 8 - Continuous Assurance and Compliance

In this module, you will learn about:

  • DevOps and DevSecOps
  • Auditing CI/CD pipelines
  • DevSecOps automation and maturity

Domain 8 - STAR Program

In this module, you will learn about:

  • Security and privacy standards
  • Open Certification Framework
  • STAR Registry
  • STAR Levels 1, 2 and 3

Domain 9 - FedRAMP and FISMA Compliance

This content is written and contributed by 327 Solutions. Understanding and demonstrating cloud governance, compliance, analysis, auditing, controls, and related topics require an oversight standard. FedRAMP (Federal Risk and Authorization Management Program) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services.

Here are the key aspects of FedRAMP:
  1. Standardization: FedRAMP establishes a uniform set of security requirements for cloud service providers (CSPs) that work with federal agencies.
  2. Security Assessment: CSPs must undergo a thorough security assessment conducted by an independent third-party assessment organization (3PAO) to ensure they meet FedRAMP’s security standards.
  3. Authorization: CSPs that meet the required security standards receive an Authorization to Operate (ATO) from a federal agency or a provisional ATO (P-ATO) from the Joint Authorization Board (JAB).
  4. Continuous Monitoring: FedRAMP requires ongoing monitoring and regular security assessments to ensure that authorized cloud services continue to meet security requirements.
  5. Risk Management: The program emphasizes risk management to protect federal data in cloud environments, ensuring that any potential security threats are identified and mitigated promptly.

FedRAMP is essential for ensuring the security and reliability of cloud services used by federal agencies, providing a standardized approach to managing and mitigating risks associated with cloud computing.

Ted Dziekanowski (ISACA Authorized Trainer)

Upcoming Public Training

Upcoming Classes

Do not sell my info