This International Standard provides detailed technical guidance on how organizations can implement appropriate risk mitigation by applying a proven and consistent approach to planning, designing, documenting and implementing data storage security. Storage security refers, on the one hand, to the protection (security) of information at its storage location and to the security of the information when transmitted via the communication interfaces in connection with storage. Storage security concerns the security of devices and media, the security of management activities related to those devices and media, the security of applications and services, and the security for the end user during the life of those devices and media and after their useful life. Storage security is important to anyone who owns, operates, or uses data storage devices, disks, and storage networks. In addition to executives and administrators who have specific responsibilities for information security, storage security, or storage operations, or who are responsible for developing an organization's overall security program and security policy, this does not include senior executives, purchasers of storage products and services, and others technical managers or users. It is also important to anyone involved in the planning, design, and implementation of architectural aspects of storage network security. This International Standard provides an overview of storage security concepts and their associated definitions. It provides guidance on the threat, design and control aspects associated with typical storage scenarios and areas of storage technologies. It also refers to other International Standards and Technical Reports that address existing practices and techniques that can be applied for storage security purposes.