BS EN ISO/IEC 27040:2016 provides detailed technical guidance on how organizations can define
an appropriate level of risk mitigation by employing a well-proven and consistent approach to the
planning, design, documentation, and implementation of data storage security. Storage security applies
to the protection (security) of information where it is stored and to the security of the information
being transferred across the communication links associated with storage. Storage security includes
the security of devices and media, the security of management activities related to the devices and
media, the security of applications and services, and security relevant to end-users during the lifetime
of devices and media and after end of use.

Storage security is relevant to anyone involved in owning, operating, or using data storage devices,
media, and networks. This includes senior managers, acquirers of storage products and services, and
other non-technical managers or users, in addition to managers and administrators who have specific
responsibilities for information security or storage security, storage operation, or who are responsible
for an organization's overall security program and security policy development. It is also relevant to
anyone involved in the planning, design, and implementation of the architectural aspects of storage
network security.

This International Standard provides an overview of storage security concepts and related definitions.
It includes guidance on the threat, design, and control aspects associated with typical storage scenarios
and storage technology areas. In addition, it provides references to other International Standards and
technical reports that address existing practices and techniques that can be applied to storage security.

Cross References:
ITU-T Y.3500
ISO/IEC 17788:2014
ISO/IEC 27000
ISO/IEC 27001:2013
ISO/IEC 27005
ISO Guide 73:2009
ISO 7498-2:1989
ISO 16609:2004
ISO/PAS 22399:2007
ISO/IEC 10116:2006
ISO/TR 10255:2009
ISO/TR 18492:2005
ISO 16175-1:2010
ISO 16175-2:2011
ISO 16175-3:2010
ISO/IEC 11770
ISO/IEC 17826:2012
ISO/IEC 19790:2006
ISO/IEC 24759:2008
ISO/IEC 24775
ISO/IEC 27003:2010
ISO/IEC 27031:2011
ISO/IEC 27033-1:2009
ISO/IEC 27033-2
ISO/IEC 27033-3:2010
ISO/IEC 27037:2012
ISO/IEC/IEEE 24765:2010
IEEE 1619:2007
IEEE 1619.1:2007
IEEE 1619.2:2010
IETF RFC 1813
IETF RFC 3195
IETF RFC 3530
IETF RFC 3720
IETF RFC 3723
IETF RFC 3821
IETF RFC 4303
IETF RFC 4595
IETF RFC 5246
IETF RFC 5424
IETF RFC 5425
IETF RFC 5426
IETF RFC 5427
IETF RFC 5661
IETF RFC 5663
IETF RFC 5848
IETF RFC 6012
IETF RFC 6071
IETF RFC 6587
IETF RFC 7146
ANSI INCITS 400:2004
ANSI INCITS 458:2011
ANSI INCITS 461:2010
ANSI INCITS 462:2010
ANSI INCITS 463:2010
ANSI INCITS 470:2011
ANSI INCITS 482:2012
ANSI INCITS 496:2012
ANSI INCITS 512:2013
NIST FIPS 140-2
NIST FIPS 197
NIST 800-38A
NIST 800-38C
NIST 800-38D
NIST 800-38E
NIST 800-57
NIST 800-67
NIST 800-88
ITU-T X.1601:2013
ISO/IEC 27002:2013
ISO/IEC 14776-372:2011
ISO/IEC 11179-1:2004

Incorporates the following:
Corrigendum, September 2016