
ISO/IEC 27040 PDF

ISO/IEC 27040 provides guidance for securing a variety of storage architectures, including Direct Attached Storage (DAS), Storage Area Networks (SAN), Network Attached Storage (NAS), and cloud/object-based storage. Its main control categories are:

Providing specific technical guidance that expands upon the general security controls found in ISO/IEC 27002.

Implementing logical or physical separation between production environments and backup storage.

In practice, an organization certified to ISO/IEC 27001 would use ISO/IEC 27040 to build and audit its storage-specific controls, ensuring that its high-level policies are effectively implemented at a technical, granular level.

Aligning hardware infrastructure with enterprise ISO/IEC 27001 ISMS policies.

The inaugural version focused heavily on traditional storage architecture. It addressed physical security, Direct-Attached Storage (DAS), Storage Area Networks (SAN) using Fibre Channel, Network-Attached Storage (NAS), and early implementations of tape backup encryption.

2. ISO/IEC 27040:2024 (Second Edition)

A recommended implementation roadmap includes:

Technological controls form the largest and most technically detailed section of the standard, specifying concrete configurations for storage environments. It covers foundational storage security topics such as:

| Clause | Title | Core Content |
|--------|-------|--------------|
| | Storage security concepts | Security objectives, threat modeling for storage systems. |
| 6 | Storage security controls | Detailed list of technical and administrative controls (access control, monitoring, encryption). |
| 7 | Storage architecture security | Securing network components (switches, directors), zoning, LUN masking. |
| 8 | Storage management security | Administrative roles, separation of duties, logging and alerting. |
| 9 | Storage media security | Lifecycle management – from provisioning to sanitization. |
