ISO/IEC 27017: 2015 Information Security Controls for Cloud Services

This course helps you clearly identify who is responsible to manage the different security risks and ensure the appropriate cloud security controls are in place, so you can maintain a resilient ISMS. ISO/IEC 27017 is a code of practice, which provides guidance on these controls and helps you focus on the more specific risks associated with cloud services as a customer or provider. Alongside your ISO/IEC 27001 ISMS, ISO/IEC 27017 helps manage the confidentiality, integrity, and availability of your business information or information entrusted to you by others.

You will learn

• Concepts specific to the cloud
• Typical information security risks in cloud services
• ISO/IEC 27017 introduction, scope, and structure
• Applicable terms and definitions
• The benefits of implementing ISO/IEC 27017
• A typical ISO/IEC 27017:2015 implementation framework
• How the key concepts and requirements of ISO/IEC 27001:2013 work when implementing ISO/IEC 27017
• Exploring and selecting ISO/IEC 27017 controls relevant to your risk assessment, through practical scenarios
• Specific guidance for cloud service customers and cloud service providers

Who should attend?

Anyone who plans, implements, maintains, supervises or assesses information security controls, as part of an information security management system, as either a customer or provider of cloud services.

Delivery options: in-class/public and in-house/in-company