What are you looking for ?
Infinidat
Articles_top

Publication ISO/IEC 27040:2024 Standard Information Technology – Security Techniques – Storage Security

Provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing well-proven and consistent approach to planning, design, documentation, and implementation of storage security.

ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) had published the ISO/IEC 27040:2024 international standard concerning storage security relevant to anyone involved in owning, operating, or using data storage devices, media, and networks.

Abstract from ISO/IEC:
This document provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media, and after end of use or end of life.

Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage products and services, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information or storage security, storage operation, or who are responsible for an organization’s overall security programme and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security.

This document provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other international standards and technical reports that address existing practices and techniques that can be applied to storage security.

Publication type

International Standard

Publication date

2024-01-26

Edition

2.0

Available language(s)

English

TC/SC

ISO/IEC JTC 1/SC 27 – Information security, cybersecurity and privacy protectionrss

ICS

35.030 – IT Security

Pages

85

File size

3,008KB

Articles_bottom
AIC
ATTO
OPEN-E