Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
DAY 1: ISO/IEC 27017 Fundamentals & Framework and Cloud Risk & Control
- Module 1: Introduction to ISO/IEC 27017 – Overview, relationship with ISO/IEC 27001/27002, and standard objectives.
- Module 2: Scope of ISO/IEC 27017 – Additional controls, cloud environments, and audit boundaries.
- Module 3: ISO/IEC 27017 Certification Scheme – Certification model as an extension of ISO/IEC 27001.
- Module 4: ISO/IEC 27017 Auditor Competency Model – Required competencies, cloud technical knowledge, and risk-based thinking.
- Module 5: Cloud-Specific Risk Examples – VM management risks, multi-tenancy, isolation, and legal jurisdiction risks.
- Module 6: Cloud Service Categories – Audit impact discussion for SaaS, PaaS, IaaS, NaaS, and DSaaS.
- Module 7: ISO/IEC 27017 Specific Controls – Shared responsibilities, VM hardening, and cloud service monitoring.
- Module 8: Control Mapping to Cloud Services – Mapping controls to IAM, Cloud Logging, Cloud KMS, and VPC.
DAY 2: Technical Audit Simulation & Regulatory Integration
- Module 9: Audit Simulation Planning – Defining audit scope (GCP/Organization) and resource sampling.
- Module 10: Cloud Control Audit Simulation (Hands-on) – Auditing Access Control, Resource Configuration, and Security Posture based on real evidence.
- Module 11: Cloud Regulations & Compliance Requirements
- Indonesia Cloud Regulations: Deep dive into POJK 11/2022 & PADK No. 1 Year 2026 regarding Information Technology Implementation by Commercial Banks.
- Mapping: Aligning ISO/IEC 27017 controls directly to local banking compliance requirements.
- Module 12: ISO/IEC 27017 Certification Audit Process – Audit techniques, methodology, and lifecycle.
- Module 13: Integrated Audit Guidance – Comparison between ISO/IEC 27001, 27017, and 27018.
- Module 14: Final Workshop – End-to-End Audit Simulation, preparing findings, and presenting results.
Requirements
- A foundational understanding of IT Security
- Experience in IT Security and Cloud Platforms
Target Audience
- IT Security professionals in banking
- IT Security professionals in other financial institutions
14 Hours
Testimonials (2)
I found new things.
Cristian
Course - OpenStack Security
Azure web security, it was more what i was expecting, the penetration testing i would never do in my job
