Exam Details
ISO/IEC 27017 Certified Professional is a globally recognized certification that covers implementing cloud-specific information security controls. The ISO 27017 certification exam is designed for cloud service providers and cloud customers who already have an Information Security Management System (ISMS) aligned with ISO/IEC 27001.
This certification exam focuses on the framework for enhancing cloud security by evaluating the effective implementation of 37 controls from ISO/IEC 27002, which are selected based on a risk assessment. In addition, ISO/IEC 27017 introduces 7 additional controls tailored specifically to cloud environments.
Unique Cloud-Specific Controls Include:
- Defining roles and responsibilities for both cloud service providers and customers to ensure accountability in cloud operations and security.
- Establishing secure processes for data retrieval and purging when a customer contract ends.
- Ensuring logical separation of customer environments to protect data from unauthorized access or co-residency risks.
- Applying machine hardening practices, scoped to business needs, to reduce security vulnerabilities in cloud systems.
- Clarifying the operational responsibilities of cloud administrators to prevent misuse or misconfiguration.
- Enabling cloud customer monitoring capabilities for transparency and security oversight.
- Aligning security management for both physical and virtual infrastructures in cloud computing environments.
Exam Benefits
- Enhanced cloud security posture
- Clear roles and responsibilities
- Improved risk management
- Better compliance with regulations
- Increased customer trust
- Competitive market advantage
- Secure data lifecycle management
- Stronger cloud governance
- Improved incident response readiness
Who Should Attend
- Cloud Security Professionals
- Information Security Managers and Officers (CISO, ISM, ISO)
- IT Managers and System Administrators
- Cloud Service Providers (CSPs)
- Cloud Customers / End-Users managing cloud contracts
- Compliance Officers and Auditors
- Risk and Governance Professionals
- Consultants in Cloud and Cybersecurity
Exam Syllabus
- Cloud Service Models and Responsibilities
- Cloud-specific Information Security Controls
- Shared Responsibility Model in Cloud Security
- Cloud Customer and Cloud Service Provider Roles
- Information Security Policies for Cloud Services
- Asset Management in Cloud Environments
- Access Control and Identity Management in the Cloud
- Cryptographic Controls and Key Management in Cloud
- Cloud Infrastructure Security
- Security Monitoring and Logging in the Cloud
- Incident Management for Cloud Services
- Compliance and Legal Considerations in Cloud Security
- Risk Assessment and Treatment in the Cloud
- Cloud Service Agreements and SLAs
- Control Implementation Guidance (ISO/IEC 27017 Controls)
- Audit and Certification Considerations for Cloud
- Integration with ISO/IEC 27001 ISMS
Exam Details
- Exam Duration: 120 min
- Exam Pattern: MCQs
- Number of Questions: 50
- Passing Marks: 35
- Exam Method: Online
- Open Book: No
- Exam Pass Mark: 70% (35 out of 50)
- Exam Result: Immediate