ISO/IEC 27040:2015
Superseded
A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.
Information technology — Security techniques — Storage security
Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users
01-26-2024
English, French
01-05-2015
ISO/IEC 27040:2015 provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection (security) of information where it is stored and to the security of the information being transferred across the communication links associated with storage. Storage security includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users during the lifetime of devices and media and after end of use.
Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security or storage security, storage operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security.
ISO/IEC 27040:2015 provides an overview of storage security concepts and related definitions. It includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.
Committee | ISO/IEC JTC 1/SC 27 |
DocumentType | Standard |
Pages | 111 |
PublisherName | International Organization for Standardization |
Status | Superseded |
SupersededBy | |
UnderRevision |
Standards | Relationship |
DIN EN ISO/IEC 27040:2016-04 (Draft) | Identical |
INCITS/ISO/IEC 27040 : 2017 | Identical |
NF EN ISO/IEC 27040 : 2017 | Identical |
NBN EN ISO/IEC 27040 : 2016 | Identical |
I.S. EN ISO/IEC 27040:2016 | Identical |
PN EN ISO/IEC 27040 : 2016 | Identical |
SN EN ISO/IEC 27040:2016 | Identical |
UNI CEI EN ISO/IEC 27040 : 2017 | Identical |
UNE-EN ISO/IEC 27040:2016 | Identical |
BS EN ISO/IEC 27040:2016 | Identical |
CEI UNI EN ISO/IEC 27040 : 1ED 2017 | Identical |
EN ISO/IEC 27040:2016 | Identical |
PNE-FprEN ISO/IEC 27040 | Identical |
NS ISO/IEC 27040 : 2015 | Identical |
NEN ISO/IEC 27040 : 2015 | Identical |
BS ISO/IEC 19944:2017 | Information technology. Cloud computing. Cloud services and devices: Data flow, data categories and data use |
18/30346433 DC : 0 | BS ISO/IEC 19086-4 - INFORMATION TECHNOLOGY - CLOUD COMPUTING SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 4: SECURITY AND PRIVACY |
BS ISO/IEC 19086-1:2016 | Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts |
CSA ISO/IEC 27050-1 : 2018 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1: OVERVIEW AND CONCEPTS |
BS ISO/IEC 27033-1:2015 | Information technology. Security techniques. Network security Overview and concepts |
ISO/IEC 27017:2015 | Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
CAN/CSA-ISO/IEC 27033-1:16 | Information technology - Security techniques - Network security - Part 1: Overview and concepts (Adopted ISO/IEC 27033-1:2015, second edition, 2015-08-15) |
ISO/IEC 19944:2017 | Information technology Cloud computing Cloud services and devices: Data flow, data categories and data use |
ISO/IEC 19086-1:2016 | Information technology Cloud computing Service level agreement (SLA) framework Part 1: Overview and concepts |
CSA ISO/IEC 27018 : 2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) IN PUBLIC CLOUDS ACTING AS PII PROCESSORS |
BS ISO/IEC 27043 : 2015 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INCIDENT INVESTIGATION PRINCIPLES AND PROCESSES |
BS ISO/IEC 17826:2012 | Information technology. Cloud Data Management Interface (CDMI) |
TR 103 304 : 1.1.1 | CYBER; PERSONALLY IDENTIFIABLE INFORMATION (PII) PROTECTION IN MOBILE AND CLOUD SERVICES |
I.S. EN ISO/IEC 27043:2016 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES INCIDENT INVESTIGATION PRINCIPLES AND PROCESSES (ISO/IEC 27043:2015) |
ISO/IEC 27050-3:2017 | Information technology Security techniques Electronic discovery Part 3: Code of practice for electronic discovery |
ISO/IEC 27043:2015 | Information technology Security techniques Incident investigation principles and processes |
14/30278505 DC : 0 | BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY PART 1: OVERVIEW AND CONCEPTS |
16/30337310 DC : 0 | BS ISO/IEC 27050-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 3: CODE OF PRACTICE FOR ELECTRONIC DISCOVERY |
CAN/CSA-ISO/IEC 27017:16 | Information technology Security techniques Code of practice for information security controls based on ISO/IEC 27002 for cloud services (Adopted ISO/IEC 27017:2015, first edition, 2015-12-15) |
ISO/IEC 17826:2016 | Information technology Cloud Data Management Interface (CDMI) |
EN ISO/IEC 27043:2016 | Information technology - Security techniques - Incident investigation principles and processes (ISO/IEC 27043:2015) |
16/30287629 DC : 0 | BS ISO/IEC 27050-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1 OVERVIEW AND CONCEPTS |
BS ISO/IEC 27018:2014 | Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
BS ISO/IEC 27017:2015 | Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services |
BS EN ISO/IEC 27043:2016 | Information technology. Security techniques. Incident investigation principles and processes |
16/30334095 DC : 0 | BS ISO/IEC 17826 - INFORMATION TECHNOLOGY - CLOUD DATA MANAGEMENT INTERFACE (CDMI) |
ISO/IEC 27033-1:2015 | Information technology Security techniques Network security Part 1: Overview and concepts |
16/30313038 DC : 0 | BS ISO/IEC 19944 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - CLOUD SERVICES AND DEVICES: DATA FLOW, DATA CATEGORIES AND DATA USE |
BS ISO/IEC 27050-3:2017 | Information technology. Security techniques. Electronic discovery Code of practice for electronic discovery |
DIN ISO/IEC 27018:2017-08 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) IN PUBLIC CLOUDS ACTING AS PII PROCESSORS (ISO/IEC 27018:2014) |
13/30260172 DC : 0 | BS ISO/IEC 27043 - INVESTIGATION TECHNOLOGY - SECURITY TECHNIQUES - INCIDENT INVESTIGATION PRINCIPLES AND PROCESSES |
ISO/IEC 27018:2014 | Information technology Security techniques Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors |
ISO/IEC 27050-1:2016 | Information technology Security techniques Electronic discovery Part 1: Overview and concepts |
CAN/CSA-ISO/IEC 19086-1:18 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts (Adopted ISO/IEC 19086-1:2016, first edition, 2016-09-15) |
CAN/CSA-ISO/IEC 17826:18 | Information technology — Cloud Data Management Interface (CDMI) (Adopted ISO/IEC 17826:2016, second edition, 2016-07-15) |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ANSI INCITS 400 : 2004 | INFORMATION TECHNOLOGY - SCSI OBJECT-BASED STORAGE DEVICE COMMANDS (OSD) |
ISO/IEC 27003:2017 | Information technology — Security techniques — Information security management systems — Guidance |
ISO/TR 10255:2009 | Document management applications Optical disk storage technology, management and standards |
ISO/IEC 27037:2012 | Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence |
ISO/IEC 27031:2011 | Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity |
ISO/IEC/IEEE 24765:2017 | Systems and software engineering — Vocabulary |
ISO/IEC 27033-1:2015 | Information technology Security techniques Network security Part 1: Overview and concepts |
ISO/IEC 19790:2012 | Information technology — Security techniques — Security requirements for cryptographic modules |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO 16175-2:2011 | Information and documentation Principles and functional requirements for records in electronic office environments Part 2: Guidelines and functional requirements for digital records management systems |
ISO/TR 18492:2005 | Long-term preservation of electronic document-based information |
ANSI INCITS 482 : 2012 | INFORMATION TECHNOLOGY - ATA/ATAPI COMMAND SET - 2 (ACS-2) |
IEEE 1619-2007 | IEEE Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices |
ISO/IEC 17826:2016 | Information technology Cloud Data Management Interface (CDMI) |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO 16175-3:2010 | Information and documentation Principles and functional requirements for records in electronic office environments Part 3: Guidelines and functional requirements for records in business systems |
IEEE 1619.1-2007 | IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices |
ANSI INCITS 458 : 2011 | INFORMATION TECHNOLOGY - SCSI OBJECT-BASED STORAGE DEVICE COMMANDS - 2 (OSD-2) |
ANSI INCITS 496 : 2012 | INFORMATION TECHNOLOGY - FIBRE CHANNEL - SECURITY PROTOCOLS - 2 (FC-SP-2) |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
ANSI INCITS 512 : 2015 | INFORMATION TECHNOLOGY - FIBRE CHANNEL - PHYSICAL INTERFACE-6 (FC-PI-6) |
ANSI INCITS 470 : 2011(R2016) | INFORMATION TECHNOLOGY - FIBRE CHANNEL - FRAMING AND SIGNALING - 3 (FC-FS-3) |
ISO/IEC 24775:2011 | Information technology Storage management |
ISO/IEC 24759:2017 | Information technology Security techniques Test requirements for cryptographic modules |
ISO/IEC 14776-372:2011 | Information technology Small Computer System Interface (SCSI) Part 372: SCSI Enclosure Services - 2 (SES-2) |
ISO/IEC 27033-3:2010 | Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues |
ISO/IEC 27033-2:2012 | Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security |
ISO/IEC 10116:2017 | Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/PAS 22399:2007 | Societal security - Guideline for incident preparedness and operational continuity management |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO 16175-1:2010 | Information and documentation Principles and functional requirements for records in electronic office environments Part 1: Overview and statement of principles |
ISO/IEC 17788:2014 | Information technology — Cloud computing — Overview and vocabulary |
ISO Guide 73:2009 | Risk management — Vocabulary |