Keeping data safe - what's your back up?

New International Standard on data storage security

By Janice Blondeau

To securely store and protect data these days a whole lot more than a simple back up is needed. A new IEC (International Electrotechnical Commission) and ISO (the International Organization for Standardization) International Standard for data storage security ensures that an individual, a company or organization’s valuable information stays in safe hands.

Keeping one step ahead

An organization's data is often its most valuable asset, and keeping it stored safely and effectively is increasingly a commercial and legal imperative. However the process of managing it can be complex, especially how it is stored, how to access it securely and communicate it across a wide range of media and devices.

ISO/IEC 27040 on storage security

IEC and ISO's latest International Standard, ISO/IEC 27040:2015, Information technology - Security techniques - Storage security provides detailed technical guidance on how to effectively manage all aspects of data storage security, from the planning and design to the implementation and documentation.

It includes guidance on mitigating risks of data breaches and corruption and takes into account new technologies and the complexities of connectivity and supports the requirements of an Information Security Management System according to ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements.

ISO/IEC 27040 aims to:

  • help draw attention to risks
  • assist organizations in better securing their data when stored
  • provide a basis for auditing, designing and reviewing storage security controls.

Protecting and securing data

ISO/IEC 27040 is relevant to managers and administrators who have specific responsibilities for information security or storage security, storage operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security.

ISO/IEC 27040:2015 was developed by ISO/IEC JTC 1/SC 27: IT security techniques.

Server room ISO/IEC 27040 provides detailed technical guidance on how to...
connectivity finger ...effectively manage all aspects of data storage security
safe_data ISO/IEC 27040 provides detailed technical guidance on how to...