Get in Touch

Course Outline

DAY 1: ISO/IEC 27017 Fundamentals, Framework Architecture, and Cloud Risk Management

  • Module 1: Introduction to ISO/IEC 27017 – Comprehensive overview, alignment with ISO/IEC 27001 and 27002, and definition of standard objectives for public sector implementation.
  • Module 2: Scope of ISO/IEC 27017 – Examination of supplementary controls, cloud environment applications, and defined audit boundaries for government systems.
  • Module 3: ISO/IEC 27017 Certification Scheme – Analysis of the certification model as an extension of ISO/IEC 27001 for cloud service providers serving governmental entities.
  • Module 4: ISO/IEC 27017 Auditor Competency Model – Evaluation of required competencies, technical proficiency in cloud infrastructure, and risk-based audit methodologies for public sector auditors.
  • Module 5: Cloud-Specific Risk Assessment – Identification of risks related to virtual machine management, multi-tenancy, data isolation, and legal jurisdictional compliance.
  • Module 6: Cloud Service Categories – Assessment of audit implications across Service Models (SaaS, PaaS, IaaS, NaaS, and DSaaS) relevant to federal and state operations.
  • Module 7: ISO/IEC 27017 Specific Controls – Review of shared responsibility models, virtual machine hardening standards, and continuous cloud service monitoring protocols.
  • Module 8: Control Mapping to Cloud Services – Alignment of security controls with Identity and Access Management (IAM), cloud logging, Key Management Services (KMS), and Virtual Private Clouds (VPC).

DAY 2: Technical Audit Simulation and Regulatory Compliance Integration

  • Module 9: Audit Simulation Planning – Definition of audit scope (e.g., GCP/Organization structure) and methodology for resource sampling in government cloud environments.
  • Module 10: Cloud Control Audit Simulation (Practical Application) – Execution of audits on Access Control, Resource Configuration, and Security Posture using verified government data sources.
  • Module 11: Cloud Regulations & Compliance Requirements
    • Regulatory Framework Analysis: Comprehensive review of POJK 11/2022 and PADK No. 1 Year 2026 concerning Information Technology Implementation within commercial banking sectors.
    • Compliance Alignment: Direct mapping of ISO/IEC 27017 controls to local financial sector regulatory mandates to ensure for government and private sector accountability.
  • Module 12: ISO/IEC 27017 Certification Audit Process – Examination of audit techniques, standard methodology, and lifecycle management for government-certified auditors.
  • Module 13: Integrated Audit Guidance – Comparative analysis of ISO/IEC 27001, 27017, and 27018 to support unified information security governance.
  • Module 14: Final Workshop – End-to-end audit simulation, development of formal findings, and presentation of audit results to stakeholders.

Requirements

  • Foundational knowledge of information technology security principles
  • Operational experience with IT security frameworks and cloud infrastructure

Target Participants

  • Information security personnel within banking institutions
  • Security professionals at other financial services entities
 14 Hours

Number of participants


Price per participant

Runs with a minimum of 4 + people. For 1-to-1 or private group training, request a quote.

Testimonials (3)

I found new things.

Cristian
Course - OpenStack Security

Azure web security, it was more what i was expecting, the penetration testing i would never do in my job

Toby
Course - Application Security in the Cloud

A wide range of knowledge of the lecturer.

Marcin Szklarski - Santander Consumer Bank
Course - CCSK Plus (Certificate of Cloud Security Knowledge - Plus)

Upcoming Courses

Cloud Security Audit for Financial Institutions

2026-06-15 09:30
14 hours
Charlotte, NC – City Center
$ 2703 (Online)
$ 3903 (Classroom)

Cloud Security Audit for Financial Institutions

2026-06-29 09:30
14 hours
Augusta, GA – At Broad Street
$ 2703 (Online)
$ 3903 (Classroom)

Cloud Security Audit for Financial Institutions

2026-07-13 09:30
14 hours
Charleston, SC – Regus at Downtown Charleston
$ 2703 (Online)
$ 3903 (Classroom)

Cloud Security Audit for Financial Institutions

2026-07-27 09:30
14 hours
Durham, NC – Regus at Shannon Road
$ 2703 (Online)
$ 3903 (Classroom)

Cloud Security Audit for Financial Institutions

2026-08-10 09:30
14 hours
Miami, FL – Regus at Waterford at Blue Lagoon
$ 2703 (Online)
$ 3903 (Classroom)

Related Courses

Cloud Computing Security Knowledge (CCSK) Preparation Course

 21 Hours

Cloud Computing Security Knowledge (CCSK) Preparation Course

The CCSK course is designed to provide a comprehensive understanding of security issues and best practices across various cloud computing domains. As cloud computing continues to be the predominant IT framework, this course is relevant for a wide array of IT and information security roles in virtually every organization, including those within the public sector. It is particularly recommended for IT auditors, system administrators, and security professionals with at least five years of experience.

Upon completion of this course, participants will be able to:

  • Validate their competence in cloud security gained through practical experience
  • Prepare for the CCSK certification exam
  • Demonstrate technical knowledge, skills, and abilities necessary to develop a comprehensive cloud security program aligned with global standards
  • Differentiate themselves from other candidates in the competitive cloud security job market
  • Access valuable career resources, including tools, networking opportunities, and peer collaboration
  • Protect against threats by leveraging the expertise of qualified professionals who can competently design, build, and maintain a secure cloud environment

Format of the Course

  • Interactive lectures and discussions
  • Extensive exercises and practice sessions
  • Hands-on implementation in a live-lab environment

Course Customization Options for Government

  • To request a customized training session tailored to the specific needs of government agencies, please contact us to arrange.
Read more...

Certificate of Cloud Security Knowledge

 14 Hours

Description:

This 2-day CCSK Plus course encompasses all the content from the CCSK Foundation course and builds upon it with extensive hands-on labs on the second day of training. Participants will gain practical experience by performing a series of exercises that involve securely migrating a fictional organization to the cloud. Upon completion, students will be well-prepared for the CCSK certification exam, which is sponsored by the Cloud Security Alliance. The second day of the course includes additional lectures, though the focus remains on assessing, building, and securing cloud infrastructure through hands-on exercises.

Objectives:

This two-day class begins with CCSK Basic training and continues with a second day of expanded content and practical activities designed to enhance participants' skills in cloud security.

Target Audience:

This course is tailored for security professionals but is also beneficial for anyone seeking to deepen their understanding of cloud security, particularly those working in or supporting government agencies for government operations.

Read more...

Certificate of Cloud Security Knowledge (CCSK) Foundation (CSA authorized)

 14 Hours
The CCSK Foundation course begins with an introduction to fundamental concepts, gradually advancing through all 16 domains of the CSA Security Guidance, incorporating recommendations from the European Union Agency for Network and Information Security (ENISA), and providing a comprehensive overview of the Cloud Controls Matrix. This course is officially authorized by the Cloud Security Alliance (CSA), and NobleProg serves as an accredited CSA Training Partner. The course is delivered by CSA Authorized CCSK Instructors. All participants will receive: - Official CSA CCSK Foundation course certificates - Official CCSK Foundation Student Handbooks - One CCSK exam voucher and one re-attempt exam voucher The curriculum covers the latest version of the CCSK exam, currently version 4.1, ensuring that learners are well-prepared with the most up-to-date knowledge for government and private sector applications.
Read more...

Certificate of Cloud Security Knowledge (CCSK) Plus (CSA authorized)

 21 Hours
The CCSK Plus course builds upon the foundational class by offering expanded content and a comprehensive set of hands-on activities designed to reinforce classroom learning. Students participate in a scenario that involves securely transitioning a fictional organization to the cloud, providing them with practical experience in performing tasks that are essential in real-world environments. The CCSK Plus Course includes all modules from the CCSK Foundation course, along with additional material. This is an authorized Cloud Security Alliance (CSA) course, and NobleProg serves as an official CSA Training Partner. Delivered by CSA Authorized CCSK Instructors, this course ensures that participants receive: - Official CSA CCSK Plus course certificates - Official CCSK Foundation Student Handbooks - One CCSK exam voucher and one re-attempt exam voucher The course covers the most current version of the CCSK exam, which is currently version 4.1, ensuring that it aligns with the latest standards for government and industry.
Read more...

Certified Cloud Security Professional

 35 Hours
The Certified Cloud Security Professional (CCSP) credential is a globally recognized certification developed through the collaborative expertise of two leading organizations in information systems and cloud computing security, (ISC)² and the Cloud Security Alliance (CSA). The CCSP credential is particularly relevant for government and other sectors that require robust cloud security measures in a global context. This is crucial given the complex legal, regulatory, and compliance challenges associated with the multi-jurisdictional storage of personally identifiable information (PII). For those who qualify, the CCSP exam assesses their proficiency across six domains of the (ISC)² Common Body of Knowledge (CBK), which include: - Architectural Concepts & Design Requirements - Cloud Data Security - Cloud Platform & Infrastructure Security - Cloud Application Security - Operations - Legal & Compliance These domains ensure that professionals are well-equipped to address the multifaceted security needs in cloud environments, aligning with the stringent requirements for government and other public sector workflows.
Read more...

Application Security in the Cloud

 21 Hours

Cloud adoption changes how applications are built, deployed, and operated — shifting responsibility between vendor and customer while introducing cloud-native platforms (containers, serverless, managed services) that require adapted security controls. Security must therefore address infrastructure hardening, identity and access management, data protection, secure development practices, and cloud-specific threat vectors.

This instructor-led, live training (online or onsite) is aimed at intermediate-level developers, security engineers, and IT managers who wish to gain practical, hands-on skills to secure cloud applications and their supporting infrastructure, while learning repeatable controls and assessment techniques that map to current industry frameworks and cloud provider guidance for government.

By the end of this training, participants will be able to:

  • Explain the cloud shared-responsibility model and apply it to application security decisions.
  • Harden cloud infrastructure (IaaS), secure platform services (PaaS) and evaluate SaaS configurations.
  • Apply secure coding and OWASP-based mitigation patterns to cloud-hosted applications.
  • Integrate security tooling into CI/CD pipelines (SAST/DAST/DAST/IAST/RASP) and adopt shift-left practices.

Format of the Course

  • Interactive lecture and discussion tied to live demos.
  • Hands-on labs using cloud consoles, containers, serverless functions, and CI/CD pipelines.
  • Practical exercises: secure configuration, vulnerability scanning, attack simulation, and remediation planning.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.
Read more...

Cloud Security Essentials

 21 Hours
This course is designed to equip participants with the skills necessary to implement appropriate security controls in the cloud, often utilizing automation to ensure compliance. We will start by exploring one of the most critical aspects of cloud security: Identity and Access Management (IAM). Following this, we will delve into securing cloud environments through a combination of discussions and practical, hands-on exercises that cover several key topics. These exercises are aimed at defending various cloud workloads operating in different Cloud Service Provider (CSP) models, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Functions as a Service (FaaS). This comprehensive approach ensures that participants are well-prepared to enhance security for government and other critical sectors.
Read more...

OpenStack Security

 14 Hours
The course provides practical knowledge on OpenStack and private cloud security, tailored specifically for government agencies. It begins with an introduction to the system, followed by in-depth, hands-on training on security measures for private clouds and securing OpenStack installations. Throughout the course, each core OpenStack module is thoroughly covered, enabling participants to build virtual identity, image, network, compute, and storage resources while discussing pertinent security issues. Each participant receives their own training environment featuring a complete OpenStack installation based on selected cloud architecture (e.g., storage, networking). The training can be highly customized to meet the specific needs of government clients. ### Customization Options The course can be structured to fit within a 2-day timeframe, focusing on core aspects relevant to the client's requirements. Alternatively, it can be extended to include additional topics such as administrative tasks, design considerations, networking, and troubleshooting issues related to OpenStack deployments for government use.
Read more...

Related Categories

Cloud Security
Cloud Security