CEI UNI EN ISO/IEC 27040
Information technology - Security techniques - Storage security
|Publication Date:||1 June 2017|
|ICS Code (Information coding):||35.040|
|ICS Code (IT Security):||35.030|
This International Standards provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, desig, documentation, and implementation of data storage security. Storage security applies to the protection (security) of information where it is stored and to the security of the information being transferred across the communication links associated with storage. Storage security includes the security of devices and media, the security of management activities related to the devices and of devices and media and after end of use.
Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquires of storage product and service, and other non-technical managers or users, in addition to managers and administrators who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design and implementation of the architectural aspects of storage network security.
This International Standards provides an overview of storage security concepts and related definitions. It includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.