ISO 27017: Information Security Controls for Cloud Services

• Basic understanding of cloud computing
• Knowledge of general information security principles
• Familiarity with ISO 27001 or other cybersecurity frameworks

Audience

• Cloud security professionals
• IT security managers
• Compliance officers
• Cloud service providers

ISO/IEC 27017 is an international standard that provides guidelines for information security controls specific to cloud services. It builds upon ISO/IEC 27002 and enhances security measures tailored for cloud computing environments.

This instructor-led, live training (online or onsite) is aimed at intermediate-level IT and security professionals who wish to implement ISO 27017 controls to enhance cloud security and compliance.

By the end of this training, participants will be able to:

• Understand the principles and objectives of ISO 27017.
• Identify key security controls specific to cloud environments.
• Implement ISO 27017 controls within cloud service providers and cloud customers.
• Align cloud security strategies with ISO 27001 requirements.
• Ensure compliance with international cloud security best practices.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Introduction to ISO 27017

• Overview of ISO/IEC 27017
• Relation to ISO 27001 and ISO 27002
• Importance of cloud security governance

Cloud Security Risks and Threats

• Common security risks in cloud environments
• Cloud-based attack vectors
• Risk assessment methodologies for cloud services

Key Information Security Controls in ISO 27017

• Additional cloud-specific controls
• Shared security responsibilities between CSPs and customers
• Data protection and encryption in the cloud

Implementing Cloud Security Policies

• Defining security policies for cloud adoption
• Access control and identity management
• Security incident management in the cloud

Compliance and Regulatory Considerations

• Legal and regulatory implications of cloud security
• Mapping ISO 27017 to GDPR, HIPAA, and other regulations
• Cloud compliance audits and certification processes

Best Practices for Cloud Security

• Security monitoring and threat detection
• Implementing continuous improvement in cloud security
• Ensuring resilience and disaster recovery

Hands-On Implementation and Case Studies

• Applying ISO 27017 controls in real-world scenarios
• Reviewing cloud security case studies
• Interactive exercises on cloud security strategy

Summary and Next Steps