# The ISO/IEC 27040:2024 Standard and Data Storage Security
Data storage is an essential part of information management in the modern context, which is increasingly characterized by cybersecurity threats and the need to protect the confidentiality, integrity, and availability of data. With the implementation of the ISO/IEC 27040:2024 standard, organizations now have a valuable tool to manage the security of storage technologies more effectively.
## Why is Storage Security Crucial?
Data is the lifeblood of any organization, and its lifecycle includes phases of creation, usage, storage, and disposal. Storage is not a secondary concern: appropriate security measures must be adopted during this phase as well. The ISO/IEC 27040:2024 standard aims to guide organizations toward the optimal use of electronic storage technologies, also considering the specific risks associated with backups and applications.
## The Risks of Data Storage
One of the main objectives of the standard is to shed light on the cybersecurity risks related to storage. These include the confidentiality of information, the integrity of data, and the availability of storage systems. The proposed controls aim to prevent data breaches and ensure that data is always accessible and protected from malicious attacks or accidental destruction.
### Common Risks Identified
- **Data Breaches**: Unauthorized access can compromise the confidentiality of information.
- **Data Corruption or Destruction**: Internal factors or external events can damage data, reducing the reliability of systems.
- **Loss of Access to Data**: Unexpected situations may render archived data inaccessible.
- **Regulatory Non-Compliance**: Failure to adhere to legal or regulatory requirements can lead to severe penalties.
## Security Controls Recommended by the Standard
The ISO/IEC 27040:2024 does not just list the risks but also provides a series of practical recommendations to mitigate those risks. Approximately 30% of the recommendations are classified as “requirements,” while the remaining 70% fall into the category of “guidelines.”
Here are some examples of proposed controls:
- **Data Encryption at Rest**: Encryption helps protect stored data, minimizing the impact in case of unauthorized access.
- **Authentication and Authorization**: A robust authentication system must be implemented to ensure that only authorized personnel can access the data.
- **Change Detection Mechanisms**: Techniques such as hashing and checksums can identify unauthorized changes to stored data.
- **Physical Access Control**: Physical measures must be adopted to protect storage devices from unauthorized access.
- **Secure Data Deletion**: Specific procedures must be implemented to ensure that data no longer needed is securely deleted, preventing unauthorized recovery.
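The "change detection" control above is the one most easily shown in code. The following is an added example, not text or code from the standard: it builds a SHA-256 manifest of every file under a storage root, then compares a later scan against that trusted baseline and classifies files as added, removed, or modified. The directory layout and file contents are constructed inside `demo()` purely for illustration.

```python
"""Change detection for stored data: a SHA-256 file manifest compared against a baseline."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def compare_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between a trusted baseline manifest and a fresh scan."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline three files, then tamper with one, delete one, add one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "records").mkdir()
        (root / "records" / "ledger.csv").write_text("id,amount\n1,100\n")
        (root / "records" / "audit.log").write_text("2024-01-01 backup completed\n")
        (root / "readme.txt").write_text("archive v1\n")
        baseline = build_manifest(root)  # captured while the data is known-good

        # Simulate changes made after the baseline was captured (constructed, not real data).
        (root / "records" / "ledger.csv").write_text("id,amount\n1,900\n")  # modified
        (root / "readme.txt").unlink()                                      # removed
        (root / "records" / "extra.bin").write_bytes(b"\x00" * 16)           # added
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A plain hash manifest is enough to catch accidental corruption or a failed restore, but against deliberate tampering the manifest itself is the weak point: store the baseline on separate, write-protected media or sign it (for example with an HMAC under a key the storage host does not hold), so that whoever can alter the data cannot also rewrite the digests.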
## Structure of the Standard
The ISO/IEC 27040:2024 follows a clear and detailed structure. The second chapter introduces technical definitions, including terms such as “sanitization,” “availability,” and “encryption,” which help standardize the language within organizations adopting this standard.
The document provides an introductory overview of storage, then focuses on risk analysis and includes 220 distinct recommendations for storage security. The clear distinction between requirements and guidelines enables organizations to understand what is mandatory and what can be considered best practice.
## Integration of the Standard into Management Systems
To…