Skip to content
Please enter a keyword to search

  • EN ISO/IEC 27040:2016

    Current The latest, up-to-date edition.

    Information technology - Security techniques - Storage security (ISO/IEC 27040:2015)

    Available format(s): 

    Language(s): 

    Published date:  24-08-2016

    Publisher:  Comite Europeen de Normalisation

    Pure ENs are not available for sale, please purchase a suitable national adoption

    Sorry this product is not available in your region.

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    European foreword
    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Symbols and abbreviated terms
    5 Overview and concepts
    6 Supporting controls
    7 Guidelines for the design and implementation
      of storage security
    Annex A (normative) - Media sanitization
    Annex B (informative) - Selecting appropriate
            storage security controls
    Annex C (informative) - Important security concepts
    Bibliography

    Abstract - (Show below) - (Hide below)

    ISO/IEC 27040:2015 provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection (security) of information where it is stored and to the security of the information being transferred across the communication links associated with storage. Storage security includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users during the lifetime of devices and media and after end of use.Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security or storage security, storage operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security.ISO/IEC 27040:2015 provides an overview of storage security concepts and related definitions. It includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.

    General Product Information - (Show below) - (Hide below)

    Committee CEN/BT
    Document Type Standard
    Publisher Comite Europeen de Normalisation
    Status Current

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    ANSI INCITS 400 : 2004 INFORMATION TECHNOLOGY - SCSI OBJECT-BASED STORAGE DEVICE COMMANDS (OSD)
    ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance
    ISO/TR 10255:2009 Document management applications Optical disk storage technology, management and standards
    ISO/IEC 27037:2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence
    ISO/IEC 27031:2011 Information technology Security techniques Guidelines for information and communication technology readiness for business continuity
    ISO/IEC/IEEE 24765:2017 Systems and software engineering — Vocabulary
    ISO/IEC 27033-1:2015 Information technology Security techniques Network security Part 1: Overview and concepts
    ISO/IEC 19790:2012 Information technology Security techniques Security requirements for cryptographic modules
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
    ISO 16175-2:2011 Information and documentation Principles and functional requirements for records in electronic office environments Part 2: Guidelines and functional requirements for digital records management systems
    ISO/TR 18492:2005 Long-term preservation of electronic document-based information
    ANSI INCITS 482 : 2012 INFORMATION TECHNOLOGY - ATA/ATAPI COMMAND SET - 2 (ACS-2)
    IEEE 1619-2007 IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices
    ISO/IEC 17826:2016 Information technology Cloud Data Management Interface (CDMI)
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO 16175-3:2010 Information and documentation Principles and functional requirements for records in electronic office environments Part 3: Guidelines and functional requirements for records in business systems
    IEEE 1619.1-2007 IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices
    ANSI INCITS 458 : 2011 INFORMATION TECHNOLOGY - SCSI OBJECT-BASED STORAGE DEVICE COMMANDS - 2 (OSD-2)
    ANSI INCITS 496 : 2012 INFORMATION TECHNOLOGY - FIBRE CHANNEL - SECURITY PROTOCOLS - 2 (FC-SP-2)
    ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
    ANSI INCITS 512 : 2015 INFORMATION TECHNOLOGY - FIBRE CHANNEL - PHYSICAL INTERFACE-6 (FC-PI-6)
    ANSI INCITS 470 : 2011(R2016) INFORMATION TECHNOLOGY - FIBRE CHANNEL - FRAMING AND SIGNALING - 3 (FC-FS-3)
    ISO/IEC 24775:2011 Information technology Storage management
    ISO/IEC 24759:2017 Information technology Security techniques Test requirements for cryptographic modules
    ISO/IEC 14776-372:2011 Information technology Small Computer System Interface (SCSI) Part 372: SCSI Enclosure Services - 2 (SES-2)
    ISO/IEC 27033-3:2010 Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
    ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
    ISO/IEC 10116:2017 Information technology — Security techniques — Modes of operation for an n-bit block cipher
    ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management
    ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
    ISO 16175-1:2010 Information and documentation Principles and functional requirements for records in electronic office environments Part 1: Overview and statement of principles
    ISO/IEC 17788:2014 Information technology — Cloud computing — Overview and vocabulary
    ISO Guide 73:2009 Risk management — Vocabulary
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective