Course Outline

DAY 1: ISO/IEC 27017 Fundamentals & Framework and Cloud Risk & Control

  • Module 1: Introduction to ISO/IEC 27017 – Overview, relationship with ISO/IEC 27001/27002, and standard objectives.
  • Module 2: Scope of ISO/IEC 27017 – Additional controls, cloud environments, and audit boundaries.
  • Module 3: ISO/IEC 27017 Certification Scheme – Certification model as an extension of ISO/IEC 27001.
  • Module 4: ISO/IEC 27017 Auditor Competency Model – Required competencies, cloud technical knowledge, and risk-based thinking.
  • Module 5: Cloud-Specific Risk Examples – VM management risks, multi-tenancy, isolation, and legal jurisdiction risks.
  • Module 6: Cloud Service Categories – Audit impact discussion for SaaS, PaaS, IaaS, NaaS, and DSaaS.
  • Module 7: ISO/IEC 27017 Specific Controls – Shared responsibilities, VM hardening, and cloud service monitoring.
  • Module 8: Control Mapping to Cloud Services – Mapping controls to IAM, Cloud Logging, Cloud KMS, and VPC.

DAY 2: Technical Audit Simulation & Regulatory Integration

  • Module 9: Audit Simulation Planning – Defining audit scope (GCP/Organization) and resource sampling.
  • Module 10: Cloud Control Audit Simulation (Hands-on) – Auditing Access Control, Resource Configuration, and Security Posture based on real evidence.
  • Module 11: Cloud Regulations & Compliance Requirements
    • Indonesia Cloud Regulations: Deep dive into POJK 11/2022 & PADK No. 1 Year 2026 regarding Information Technology Implementation by Commercial Banks.
    • Mapping: Aligning ISO/IEC 27017 controls directly to local banking compliance requirements.
  • Module 12: ISO/IEC 27017 Certification Audit Process – Audit techniques, methodology, and lifecycle.
  • Module 13: Integrated Audit Guidance – Comparison between ISO/IEC 27001, 27017, and 27018.
  • Module 14: Final Workshop – End-to-End Audit Simulation, preparing findings, and presenting results.

Requirements

Prerequisites

  • Familiarity with foundational information technology security principles.
  • Proficiency in information technology security protocols and cloud infrastructure platforms.

Intended Audience

  • Information technology security professionals within banking institutions.
  • Information technology security personnel at other financial services organizations.

This curriculum is designed for government and private sector stakeholders seeking to enhance cybersecurity governance.

14 Hours
