About the course

As the use of cloud computing grows constantly, so does the need to ensure cloud security. Data breaches and other forms of attacks happen mainly as a result of poor security practices, complicated controls, and misconfigurations. This makes cloud security essential to the effective operation of cloud services.

Organisations adopting cloud technology must ensure that the level of security of their cloud systems meets their requirements and complies with the applicable laws and regulations.

This training course is designed to help participants acquire the knowledge and skills needed to support an organisation in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program based on ISO/IEC 27017 and ISO/IEC 27018. Training includes the following:

  • Cloud computing concepts and principles;
  • Cloud computing security risk management;
  • Cloud-specific controls;
  • Cloud security incident management; and
  • Cloud security testing.

Training done in collaboration with


Course Outlines

Course Agenda

Day 1: Introduction to ISO/IEC 27017 and ISO/IEC 27018, and the initiation of a cloud security program

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental cloud computing concepts and principles
  • Understanding the organisation’s cloud computing architecture
  • Information security roles and responsibilities related to cloud computing
  • Information security policy for cloud computing

Day 2: Cloud computing security risk management and cloud-specific controls

  • Cloud computing security risk management
  • Selection and design of cloud-specific controls
  • Implementation of cloud-specific controls (part 1)

Day 3: Documented information management and cloud security awareness and training

  • Implementation of cloud-specific controls (part 2)
  • Documented information management in the cloud
  • Cloud security awareness and training

Day 4: Cloud security incident management, testing, monitoring, and continual improvement

  • Cloud security incident management
  • Cloud security testing
  • Monitoring, measurement, analysis, and evaluation
  • Continual improvement
  • Closing of the training course

Day 5: Certification Exam (3 hours)

The exam complies with the PECB Examination and Certification Program (ECP) requirements. The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of cloud computing

Domain 2: Information security policy for cloud computing and documented information management

Domain 3: Cloud computing security risk management

Domain 4: Cloud-specific controls based on ISO/IEC 27017 and ISO/IEC 27018 and best practices

Domain 5: Cloud security awareness, training, roles, and responsibilities

Domain 6: Cloud security incident management

Domain 7: Cloud security testing, monitoring, and continual improvement

Course Details

Duration: Up to 6 months

Starts: Upon Registration

Ends: After Examination

You'll be signed up to our PECB platform KATE where you will have access to all training procedures.

  • Certification fees are included in the exam price
  • Participants will be provided with the training course material containing over 500 pages of explanatory information, examples, best practices, exercises, and quizzes.
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
  • In case of exam failure, you can retake the exam within 12 months for free

Learning Objectives

  • Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for the implementation and effective management of a cloud security program.
  • Acknowledge the correlation between ISO/IEC 27017, ISO/IEC 27018, and other standards and regulatory frameworks.
  • Gain the ability to interpret the guidelines of ISO/IEC 27017 and ISO/IEC 27018 in the specific context of an organisation.
  • Develop the necessary knowledge and competence to support an organisation in effectively planning, implementing, managing, monitoring, and maintaining a cloud security program.
  • Acquire the practical knowledge to advise an organisation in managing a cloud security program by following best practices.

Frequently Asked Questions

What are the prerequisites?

The main requirement for participating in this training course is having a fundamental understanding of ISO/IEC 27017 and ISO/IEC 27018 and a general knowledge of cloud computing concepts.

What is Cloud Security?

Cloud security is a set of strategies and practices used to secure cloud environments, applications, and data. Cloud security ensures the preservation of confidentiality, integrity, availability, and privacy of information hosted in a private, public, community, or hybrid cloud deployment model. It provides multiple levels of security controls in the cloud infrastructure that ensure data protection and business continuity.

Can I retake an exam?

In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.

Which Audit Activities are Considered Valid Experience?

  1. Implementing a cloud security program
  2. Managing a cloud security program
  3. Managing documented information in the cloud
  4. Monitoring the cloud security performance
  5. Managing a cloud security team

Lead Cloud Security Manager – Self-Study


Master the implementation and management of the cloud security program based on ISO/IEC 27017 and ISO/IEC 27018

Self-Study Course: €1,000 + VAT