Course Outline
DAY 1: Fundamentals of ISO/IEC 27017 Framework & Cloud Risk & Control
- Module 1: Introduction to ISO/IEC 27017 – Overview, alignment with ISO/IEC 27001/27002, and core objectives.
- Module 2: Scope of ISO/IEC 27017 – Supplemental controls, cloud-specific environments, and audit boundaries.
- Module 3: ISO/IEC 27017 Certification Scheme – Understanding the certification model as an extension of ISO/IEC 27001.
- Module 4: ISO/IEC 27017 Auditor Competency Model – Essential competencies, technical cloud knowledge, and risk-based thinking.
- Module 5: Cloud-Specific Risk Examples – Risks associated with VM management, multi-tenancy, data isolation, and legal jurisdiction.
- Module 6: Cloud Service Categories – Audit implications for SaaS, PaaS, IaaS, NaaS, and DSaaS.
- Module 7: ISO/IEC 27017 Specific Controls – Shared responsibility models, VM hardening, and cloud service monitoring.
- Module 8: Control Mapping to Cloud Services – Mapping controls to IAM, Cloud Logging, Cloud KMS, and VPC.
DAY 2: Technical Audit Simulation & Regulatory Integration
- Module 9: Audit Simulation Planning – Defining audit scope (GCP/Organization) and resource sampling strategies.
- Module 10: Cloud Control Audit Simulation (Hands-on) – Auditing Access Control, Resource Configuration, and Security Posture using real-world evidence.
- Module 11: Cloud Regulations & Compliance Requirements
  - Indonesian Cloud Regulations: Detailed analysis of POJK 11/2022 & PADK No. 1 Year 2026 concerning IT Implementation by Commercial Banks.
  - Mapping: Aligning ISO/IEC 27017 controls directly with local banking compliance mandates.
- Module 12: ISO/IEC 27017 Certification Audit Process – Audit techniques, methodology, and lifecycle management.
- Module 13: Integrated Audit Guidance – Comparative analysis of ISO/IEC 27001, 27017, and 27018.
- Module 14: Final Workshop – End-to-End Audit Simulation, compiling findings, and presenting results.
Requirements
- Familiarity with fundamental IT Security concepts
- Practical experience in IT Security and Cloud Platforms
Target Audience
- Banking IT Security Professionals
- IT Security Staff from Other Financial Institutions
14 Hours
Testimonials (3)
Cloud security standard
Singgih Sulaksono - PT Bank Sinarmas
Course - Cloud Security Audit for Financial Institutions
The instructor was good, giving insights for auditing and additional value
Retno Wulansari - PT Bank Sinarmas
Course - Cloud Security Audit for Financial Institutions
sharing knowledge