1 Scope
This International Standard provides detailed technical guidance on how organizations
can define an appropriate level of risk mitigation by employing a well-proven and
consistent approach to the planning, design, documentation, and implementation of
data storage security. Storage security applies to the protection (security) of information where it is stored and
to the security of the information being transferred across the communication links
associated with storage . Storage security includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users
during the lifetime of devices and media and after end of use.
Storage security is relevant to anyone involved in owning, operating, or using data storagedevices,
media, and networks. This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers
and administrators who have specific responsibilities for information security or
storage security, storage operation, or who are responsible for an organization’s overall security program
and security policy development. It is also relevant to anyone involved in the planning,
design, and implementation of the architectural aspects of storage network security.
This International Standard provides an ov...