SNIA supports new ISO/IEC 27040:2015 standard

SNIA has announced its support and participation in the development of the ISO/IEC 27040:2015, the first international standard covering the broad topic of storage security.


SNIA’s Security Technical Work Group (TWG), working through the U.S. National Body, served as a key storage industry contributor during the standard’s development. The TWG’s subject matter experts submitted and published works to help ISO/IEC JTC 1/SC 27 deliver a usable standard. The Security TWG has now shifted its focus to complementary materials that will further enhance adoption of the new standard.


SNIA’s Security Technical Work Group has developed an Index for the ISO/IEC 27040:2015 standard, which is perfectly aligned with the published standard and can be used to quickly locate terms and concepts throughout the standard.


While often overlooked, storage security is relevant to anyone involved in owning, operating or using data storage devices, media or networks. Published in January 2015, the ISO/IEC 27040:2015 Information technology - Security techniques - Storage security standard provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation and implementation of storage security.


“As data breaches persist, organizations are scrambling to find additional ways to protect their systems and data,” said Eric Hibbard, Chair of the SNIA TWG and ISO Editor for ISO/IEC 27040:2015. “Storage security is often overlooked and may be pressed into service as a last line of defense. ISO/IEC 27040:2015 provides the details that can help accomplish this.”


Considered a “guidance” standard, ISO/IEC 27040:2015 is expected to increase the visibility of storage security, drawing the attention of the security and audit communities and expanding the expectations for storage professionals. The standard was designed to be easily implemented and includes materials that can assist a phased approach to implementing storage security controls.


SNIA’s Involvements in Security Standards
In addition to ISO/IEC, SNIA collaborates with a number of other external security industry organizations, such as the American National Standards Institute (ANSI), International Committee for Information Technology Standards (INCITS), American Bar Association (ABA), Cloud Security Alliance (CSA), Distributed Management Task Force (DMTF), Internet Engineering Task Force (IETF), Organization for the Advancement of Structured Information Standards (OASIS) and Information Systems Audit and Control Association (ISACA), to develop a core body of knowledge for storage professionals to leverage.
