Course Outline

DAY 1: Fundamentals of ISO/IEC 27017 Framework & Cloud Risk & Control

  • Module 1: Introduction to ISO/IEC 27017 – Overview, alignment with ISO/IEC 27001/27002, and core objectives.
  • Module 2: Scope of ISO/IEC 27017 – Supplemental controls, cloud-specific environments, and audit boundaries.
  • Module 3: ISO/IEC 27017 Certification Scheme – Understanding the certification model as an extension of ISO/IEC 27001.
  • Module 4: ISO/IEC 27017 Auditor Competency Model – Essential competencies, technical cloud knowledge, and risk-based thinking.
  • Module 5: Cloud-Specific Risk Examples – Risks associated with VM management, multi-tenancy, data isolation, and legal jurisdiction.
  • Module 6: Cloud Service Categories – Audit implications for SaaS, PaaS, IaaS, NaaS, and DSaaS.
  • Module 7: ISO/IEC 27017 Specific Controls – Shared responsibility models, VM hardening, and cloud service monitoring.
  • Module 8: Control Mapping to Cloud Services – Mapping controls to IAM, Cloud Logging, Cloud KMS, and VPC.

DAY 2: Technical Audit Simulation & Regulatory Integration

  • Module 9: Audit Simulation Planning – Defining audit scope (GCP/Organization) and resource sampling strategies.
  • Module 10: Cloud Control Audit Simulation (Hands-on) – Auditing Access Control, Resource Configuration, and Security Posture using real-world evidence.
  • Module 11: Cloud Regulations & Compliance Requirements
    • Indonesian Cloud Regulations: Detailed analysis of POJK 11/2022 & PADK No. 1 Year 2026 concerning IT Implementation by Commercial Banks.
    • Mapping: Aligning ISO/IEC 27017 controls directly with local banking compliance mandates.
  • Module 12: ISO/IEC 27017 Certification Audit Process – Audit techniques, methodology, and lifecycle management.
  • Module 13: Integrated Audit Guidance – Comparative analysis of ISO/IEC 27001, 27017, and 27018.
  • Module 14: Final Workshop – End-to-End Audit Simulation, compiling findings, and presenting results.

Requirements

  • Familiarity with fundamental IT Security concepts
  • Practical experience in IT Security and Cloud Platforms

Target Audience

  • Banking IT Security Professionals
  • IT Security Staff from Other Financial Institutions

Duration: 14 Hours
