As technology advances and organizations increase their use of cloud services, the requirement to have more specific cloud security controls in place is critical.
While using a cloud service can often increase information security risks, many of the ISO/IEC 27001 controls highlight responsibilities for either a cloud service customer, or the cloud service provider. ISO/IEC 27017 is a code of practice, which provides guidance on these controls and helps you focus on the more specific risks associated with cloud services as a customer or provider.
Alongside your ISO/IEC 27001 ISMS, ISO/IEC 27017 helps manage the confidentiality, integrity and availability of your business information or information entrusted to you by others.
This course helps you clearly identify who is responsible to manage the different security risks and ensure the appropriate cloud security controls are in place so you can maintain a resilient ISMS.
How will I benefit?
This course will help you:
- Identify key benefits associated with using ISO/IEC 27017 for cloud services, alongside an effective ISMS
- Consider the risks associated with using cloud services
- Ensure that your management system considers appropriate cloud-related controls that enable improved organizational security as technology evolves
- Provide products and services that consistently meet customer needs and enhance confidence
Who should attend?
Anyone who plans, implements, maintains, supervises or assesses information security controls, as part of an information security management system, as either a customer or provider of cloud services.
Pre-requisites: You should have a good knowledge of ISO/IEC 27002:2013 and ISO/IEC 27001:2013, as well as the key principles of an ISMS.
Many delegates on this course will have already attended our Information Security Management System (ISMS) Requirements of ISO 27001:2013 or Information Security Management System (ISMS) Implementing ISO/IEC 27001:2013 course.
We recommend an understanding of the different types of cloud services (e.g. IaaS, PaaS, SaaS, etc.), as well as the cloud deployment models (Private, Public, Hybrid, etc.).
What will I learn?
You will learn about:
- Concepts specific to the cloud
- Typical information security risks in cloud services
- ISO/IEC 27017:2015 introduction, scope and structure
- Applicable terms and definitions
- The benefits of implementing ISO/IEC 27017:2015
- A typical ISO/IEC 27017:2015 implementation framework
- How the key concepts and requirements of ISO/IEC 27001:2013 work when implementing ISO/IEC 27017:2015
- Exploring and selecting ISO/IEC 27017:2015 controls relevant to your risk assessment, through practical scenarios
- Specific guidance for cloud service customers and cloud service providers
What's included?
On completion, you’ll be awarded an internationally recognized BSI Training Academy certificate.
Contact us
If you have any enquiries, let us know how can we help you.
Call: +91 80815 80815
Email us: info.in@bsigroup.com
Notes:
- This training content will be delivered via BSI’s Connected Learning Live Platform as a virtual classroom with the BSI tutor. This will provide the delegate with the flexibility of attending it from the convenience of home or office, without travelling to BSI facility. A stable internet connection, headset with USB connection, a quiet and suitable work area. In advance of the training a ‘testing room’ will be provided for delegates to confirm their hardware works and that they can fully participate in the training.
- Examination will be conducted online via an e-assessment platform 'Questionmark'. Invigilation will be done through delegate’s webcam and microphone.
Please Note: This training fee is applicable only for residents of India and the Indian subcontinent.