Storage Security Data Protection Technical White Paper

Library Content Type:
Publish Date: 
Thursday, March 1, 2018
Focus Areas:

The SNIA Storage Security TWG released the Storage Security: Data Protection white paper to privide an overview of data protection and the associated guidance for the ISO/IEC 27040:2015 (Information technology - Security techniques - Storage security), which is a standard that provides detailed technical guidance on controls and methods for securing storage systems and ecosystems. Data protection is an essential element of storage security that can be nuanced, depending on industry requirements (e.g., storage, security, and privacy). This can be seen in the ISO/IEC 27040 (Storage security) standard, which while not directly addressing data protection, does identify relevant security controls. To raise awareness of data protection, this whitepaper highlights the relevant data protection guidance from ISO/IEC 27040 and then builds upon it, covering topics such as data classification, retention and preservation, data authenticity, and data disposition. As part of this expanded material, SNIA provides guidance and considerations that augment the existing storage security standard.