Preparing for a Storage Security Audit

Author(s)/Presenter(s):
Library Content Type:
Publish Date: 
Monday, April 16, 2007
Event Name: 
Focus Areas:
Abstract: 

The thought of 'being audited' often evokes fear. Actions taken on storedinformation, storage infrastructure security and the practices of storageprofessionals are all subject to internal and external audit. Recently, thespecialized nature of IS auditing has extended to include the storageinfrastructure, however, auditors with specialized storage skills andknowledge are a limited resource. Auditors are required to be technicallycompetent in the storage area while being aware of the many standards andlegal requirements, in addition to security guidelines. That makes them agreat asset to our work! As a result, a storage security auditor can providegreat benefit to the storage professional and their organization. Storageprofessionals maintain information security policies within and around thestorage infrastructure; some establish policies and practices,independently, or in concert with others. When we set a security or storagepolicy, we do so based on our understanding of the requirements, ourpersonal experience and budget constraints. However, is our due diligenceenough? This is where the auditor can provide external validation andrecommendations (authentication, control, encryption, etc.) in midst oftheir role as professional skeptic and risk manager. In this session, wepresent a client case scenario, review the Storage Security Audit Processand then follow the process in a case study. Our goal: to prepare you for astorage security audit. In addition, we believe that you will have adifferent perspective on the security of storage infrastructures that youdesign today.

Learning Objectives

Describe the Storage Security Audit Process
Secure Information Assets in the Storage Systems
Apply storage security and governance best practices