CL130: Cloud Information Security according to ISO/IEC 27017/27018

Training: Security - Cloud - Virtualization

ISMS managers, cloud architects, and information security officers receive a practical introduction to the secure adoption and use of cloud services in accordance with ISO/IEC 27017/27018. The course covers methods for integrating cloud services into an ISMS, as well as concepts for secure cloud architectures and implementations. It also addresses advanced requirements such as BSI™ C5, applied in practice in the context of information security and compliance.

Presence training

Start: 2025-12-08 | 10:00 am

End: 2025-12-10 | 05:00 pm

Location: Nürnberg

Price: 2.100,00 € plus VAT.

Presence training

Start: 2026-01-26 | 10:00 am

End: 2026-01-28 | 05:00 pm

Location: Nürnberg

Price: 2.100,00 € plus VAT.

Presence training

Start: 2026-05-11 | 10:00 am

End: 2026-05-13 | 05:00 pm

Location: Nürnberg

Price: 2.100,00 € plus VAT.

Presence training

Start: 2026-09-14 | 10:00 am

End: 2026-09-16 | 05:00 pm

Location: Nürnberg

Price: 2.100,00 € plus VAT.

Online training

Start: 2026-12-07 | 10:00 am

End: 2026-12-09 | 05:00 pm

Location: Online

Price: 2.100,00 € plus VAT.


Agenda:

  • Motivation and fundamentals
    • Cloud computing fundamentals
      • Concepts
      • Reference architecture
      • Shared responsibility model
    • Cloud security
      • Threats and attack vectors
      • Security concepts
    • Cloud security services
      • Azure
      • Google™ Cloud Platform (GCP)
      • AWS™

  • Important standards/norms, certificates and best practices
    • Standards and norms
      • ISO/IEC 27001
      • ISO/IEC 27017/18
      • BSI™ C5
      • NIST SP 800-xx
      • NIST cyber security framework
      • CIS
      • ...
    • Personal certifications
      • CSA CCSK
      • ISC2™ CCSP
    • Product certifications
      • Azure security engineer
      • Google™ cloud security engineer
      • AWS™ certified security

  • Organizational requirements and recommendations for cloud security
    • Management (ISMS, security controls, DR, BCM)
      • Implementation planning
      • Implementation rollout
      • Implementation review and adjustment
    • Risk management and analysis
    • Cloud onboarding process
    • Reporting
    • Auditing and compliance
    • Strategic tool usage
      • Azure: Compliance manager
      • Google™ Cloud: Security command center
      • AWS™: AWS™ security hub

  • Technical requirements and operational cloud security
    • Typical cloud and multi-cloud architecture
    • Data security and architecture
    • Zero trust
    • Design and operations of secure cloud applications
    • Identity and access management
    • Cloud security monitoring (monitoring, incidents, forensics)
    • Tactical and operational tool usage

  • Discussion and summary

Objectives:

We provide you with comprehensive knowledge for the planning, implementation, monitoring, and improvement of Cloud Information Security in the context of recognized Cloud Security Frameworks. In this intensive training, participants acquire in-depth knowledge of the necessary steps for compliant and secure cloud operations.

For the secure and compliant introduction of cloud services, the following topics are covered:

  • Appropriate frameworks, norms, and standards.
  • Security architecture and policies for cloud infrastructures and their criteria to ensure that data and resources are adequately protected.
  • The Shared Responsibility Model in relation to security.
  • New security models in the cloud such as Zero Trust and their possible implementation.
  • Identity and access management to ensure that only authorized users can access cloud resources.
  • Data and application security: encryption concepts and securing the various service models.
  • A pragmatic overview of possible solution approaches with different providers (Azure, Google™ Cloud, Amazon Web Services).


Two standards in the ISO/IEC 27000 series focus specifically on this topic:

  • ISO/IEC 27017 addresses both the use of cloud solutions and the provision of cloud services.
  • ISO/IEC 27018 relates to the protection of personal data in public cloud solutions.


Guiding questions:

  1. What opportunities do the security frameworks and concepts offer for companies that want to use cloud services as well as for companies that offer cloud services?
  2. How can cloud security be expanded or addressed within the framework of an ISMS with ISO/IEC 27017/18?
  3. What implementation possibilities (design principles) can be used in the context of a security architecture?

Furthermore, the course CL130 provides a good basis for further advanced courses, such as:

  1. SC135 Internal Auditor
  2. SC150 ISMS Auditor/Lead Auditor (IRCA™ A17608)

Target audience:

  • Information Security Officers
  • CISOs
  • Compliance Officers
  • Cyber Security Architects
  • Cloud Competence Center
  • Data Protection Officers

Prerequisites:

To follow the content and pace of the course CL130 Cloud Information Security according to ISO/IEC 27017/27018, the following knowledge is necessary or advantageous:

Function and structure of an ISMS according to ISO/IEC 27001.

Alternatively, attend the workshops SC120 ISMS Implementation according to ISO 27001:2022 and CL120 Cloud Compliance – Standards, Security Requirements, Solution Approaches.

Description:

Digitalization is advancing relentlessly, both in the private sector and in government agencies. To unlock the full potential of digitalization, there is no way around the cloud. But how can an adequate level of security be achieved when using the cloud?

While the course CL120 Cloud Compliance – Standards, Security Requirements, Solutions focuses on aspects that must be considered before using cloud services (such as regulatory and legal requirements regarding contract design, information security, and data protection), the workshop CL130 Cloud Information Security according to ISO/IEC 27017/27018 builds on this and is dedicated to the secure introduction and use of cloud services, i.e., the concrete implementation of these requirements. Topics already covered, such as BSI™ C5, are deepened and made concrete in a practical manner.

In this three-day workshop, participants receive a solid overview of the options for handling cloud services within an ISMS, along with guidance on secure cloud architecture and implementation.

Guaranteed to take place:

from 2 attendees

Booking information

Price:

2.100,00 € plus VAT.

(including lunch & drinks)

Exam (Optional):

100,00 € plus VAT.
