SNIA Supports ISO/IEC 27040:2015 Standard
For storage security
This is a Press Release edited by StorageNewsletter.com on March 11, 2015 at 3:12 pm
The Storage Networking Industry Association (SNIA) announced its support and participation in the development of the ISO/IEC 27040:2015, the international standard covering the broad topic of storage security.
SNIA’s Security Technical Work Group (TWG), working through the U.S. National Body, served as a key storage industry contributor during the standard’s development. The TWG’s subject matter experts submitted and published works to help ISO/IEC JTC1/SC27 deliver a usable standard. The Security TWG has shifted its focus to complementary materials that will further enhance adoption of the new standard.
SNIA’s Security Technical Work Group has developed an Index for the ISO/IEC 27040:2015 standard, which is aligned with the published standard and can be used to quickly locate terms and concepts throughout the standard.
While often overlooked, storage security is relevant to anyone involved in owning, operating or using storage devices, media or networks. Published in January 2015, the ISO/IEC 27040:2015 Information technology – Security techniques – Storage security standard provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation and implementation of storage security.
“As data breaches persist, organizations are scrambling to find additional ways to protect their systems and data,” said Eric Hibbard, chair, ISO editor for ISO/IEC 27040:2015, SNIA TWG. “Storage security is often overlooked and may be pressed into service as a last line of defense. ISO/IEC 27040:2015 provides the details that can help accomplish this.”
Considered a ‘guidance’ standard, the ISO/IEC 27040:2015 is expected to increase visibility of storage security, drawing the attention of security and audit communities and expanding the expectations for storage professionals. The standard was designed to be easily implemented and includes materials that can assist with a phased approach to implementing storage security controls.
SNIA’s involvement in security standards
In addition to ISO/IEC, SNIA collaborates with a number of other external security industry organizations such as the American National Standards Institute (ANSI), International Committee for Information Technology Standards (INCITS), American Bar Association (ABA), Cloud Security Alliance (CSA), Distributed Management Task Force (DMTF), Internet Engineering Task Force (IETF), Organization for the Advancement of Structured Information Standards (OASIS) and Information Systems Audit and Control Association (ISACA) to develop a core body of knowledge for storage professionals to leverage.
SNIA Security Technical Work Group
The Security Technical Work Group (TWG) consists of storage security subject matter experts, from the SNIA membership, who collaborate to develop technical solutions to secure storage networks and protect data for installations from the departmental level to the multi-national enterprise. It also provides architectures and frameworks for the establishment of information security capabilities within the storage networking industry and guidance on the application of information assurance to storage systems/ecosystems as well as on matters of compliance as it relates to data protection and security. The focus of the Security TWG is directed toward both long-term and holistic security solutions.