ISO/IEC International Standard
ISO/IEC 27040
Second edition 2024-01

Information technology - Security techniques - Storage security
Technologie de l'information - Techniques de sécurité - Sécurité de stockage

Reference number ISO/IEC 27040:2024(en)
© ISO/IEC 2024

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401 · Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland

Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
3.1 General
3.2 Terms relating to storage technology
3.3 Terms relating to sanitization
3.4 Terms relating to availability
3.5 Terms relating to security and cryptography
3.6 Terms relating to archives and repositories
3.7 Miscellaneous terms
4 Symbols and abbreviated terms
5 Structure of this document
5.1 General
5.2 Controls
6 Overview and concepts
6.1 General
6.2 Storage concepts
6.3 Introduction to storage security
6.4 Storage security risks
6.4.1 Background
6.4.2 Data breaches
6.4.3 Data corruption or destruction
6.4.4 Temporary or permanent loss of access/availability
6.4.5 Failure to meet statutory, regulatory, or legal requirements
7 Organizational controls for storage
7.1 General
7.2 Align storage and policy
7.3 Business continuity management
7.4 Compliance
8 People controls for storage
9 Physical controls for storage
9.1 General
9.2 Physically secure storage
9.3 Protect physical interfaces to storage
9.4 Isolation of storage systems
10 Technological controls for storage
10.1 General
10.2 Design and implementation of storage security
10.2.1 General
10.2.2 Storage security design principles
10.2.3 Storage system quality attributes
10.2.4 Retention, preservation, and disposal of data
10.3 Storage systems security
10.3.1 System hardening
10.3.2 Security auditing, accounting, and monitoring
10.3.3 Storage vulnerability management
10.4 Storage management
10.4.1 Background
10.4.2 Authentication and authorization
10.4.3 Secure the management interfaces
ISO IEC 27040 2024
92 pages
This document was uploaded and shared by 人生无常 on 2025-05-11 16:21:44.