ISO floats storage security standard
ISO/IEC 27040:2015 is bedtime reading for storage admins
The International Standards Organisation reckons the world needs help securing its data, so has published a new storage security standard to cover it.
Because The Register isn't about to shell out 198 Swiss Francs to read the whole thing, we're constrained in our ability to tell you exactly what it contains, but we note that the ISO believes storage security has to cover data both at rest and when passing over networks.
As the home page of ISO/IEC 27040:2015 notes, sysadmins need to cover off security of devices and media, and their management systems, applications and services, users, and what to do with device and media at end-of-life (ie, 'is a hammer sufficient to render a disk unreadable?).
The standard is designed as a set of guidelines that “includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas”, the ISO says.
In an explanatory post, the ISO says the standard aims to help draw attention to storage security risks; help organisations secure their data; and provide a basis for the audit, design and review of security controls.
The standard will also help admins and organisations with legal compliance. ®