Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
DAY 1: ISO/IEC 27017 Fundamentals & Framework and Cloud Risk & Control
- Module 1: Introduction to ISO/IEC 27017 – Overview, its relationship with ISO/IEC 27001/27002, and standard objectives.
- Module 2: Scope of ISO/IEC 27017 – Supplementary controls, cloud environments, and audit boundaries.
- Module 3: ISO/IEC 27017 Certification Scheme – The certification model as an extension of ISO/IEC 27001.
- Module 4: ISO/IEC 27017 Auditor Competency Model – Essential competencies, cloud technical knowledge, and risk-based thinking.
- Module 5: Cloud-Specific Risk Examples – Risks associated with VM management, multi-tenancy, isolation, and legal jurisdiction.
- Module 6: Cloud Service Categories – Discussion on audit implications for SaaS, PaaS, IaaS, NaaS, and DSaaS.
- Module 7: ISO/IEC 27017 Specific Controls – Shared responsibilities, VM hardening, and cloud service monitoring.
- Module 8: Control Mapping to Cloud Services – Mapping controls to IAM, Cloud Logging, Cloud KMS, and VPC.
DAY 2: Technical Audit Simulation & Regulatory Integration
- Module 9: Audit Simulation Planning – Defining the audit scope (GCP/Organization) and resource sampling.
- Module 10: Cloud Control Audit Simulation (Hands-on) – Auditing Access Control, Resource Configuration, and Security Posture using real evidence.
- Module 11: Cloud Regulations & Compliance Requirements
- Indonesia Cloud Regulations: Detailed exploration of POJK 11/2022 & PADK No. 1 Year 2026 concerning Information Technology Implementation by Commercial Banks.
- Mapping: Aligning ISO/IEC 27017 controls directly with local banking compliance requirements.
- Module 12: ISO/IEC 27017 Certification Audit Process – Audit techniques, methodology, and lifecycle.
- Module 13: Integrated Audit Guidance – Comparison between ISO/IEC 27001, 27017, and 27018.
- Module 14: Final Workshop – End-to-End Audit Simulation, preparing findings, and presenting results.
Requirements
- Fundamental understanding of IT Security.
- Practical experience with IT Security and Cloud Platforms.
Intended Audience
- IT Security professionals within banking.
- IT Security professionals at other financial institutions.
14 Hours
Testimonials (2)
I found new things.
Cristian
Course - OpenStack Security
Azure web security, it was more what i was expecting, the penetration testing i would never do in my job
