Achieving Optimal Security: Using ISO-IEC 27040 in Industries - Essay Sample

Paper Type:  Essay
Pages:  2
Wordcount:  461 Words
Date:  2023-07-19

Introduction

Security is a condition that exists only when an organization or industry has managed down the severity of its risks at a point in time (SNIA, 2016). This paper offers guidance on the importance of using ISO/IEC 27040 to assure state-of-the-art security for storage assets in industries.


Types of Risks

Risks are managed by applying mitigations. As more remedies are applied to risk factors, the risk's severity decreases, making that risk harmless. The tolerance for risk varies between organizations. There are a number of risk types, namely adversarial risk and impersonal risk (Park et al., 2011). The latter tend to be mature risks and are thus better understood.

Management of Risks With ISO/IEC 27040

Through ISO, a lot of thought has been put into classifying risks and forming the best approaches to nullify their impacts. Vulnerabilities and exploits in systems, such as software defects, usually create great avenues for threats (Clark & Isherwood, 2004). When exploited, these weaknesses result in events like possible breaches into the organization's information flow through an attack vector, or the path through which an attacker gains access to a system.

ISO/IEC 27040 describes a number of related classes of threats that affect storage and its supporting infrastructure. These include Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, accidental loss or theft of an organization's media, the introduction of malware into systems, and improper sanitization of systems at the end of their use (Clark & Isherwood, 2004). ISO/IEC 27040 recommends a myriad of solutions, among them users having unique identifiers, such as Administrator for users who are to perform administrative tasks (SNIA, 2016). To protect management interfaces that are physical in nature, ISO/IEC 27040 recommends steps like disabling and disconnecting serial management ports when they are not in use and segregating the LAN interfaces used for management traffic from those used for other LAN traffic.

Conclusion

To conclude, the need to protect assets is among every organization's priorities. With the world moving towards a digital era, the pool of risk facing organizations and industries has doubled. With tools presented from projects such as ISO, a way can be found to ensure an organization's assets remain safe and free of contamination from the outside world.

References

Clark, W., & Isherwood, W. (2004). Distributed generation: remote power systems with advanced storage technologies. Energy Policy, 32(14), 1573-1589.

Park, K. S., Park, Y. P., & Park, N. C. (2011). Prospect of recording technologies for higher storage performance. IEEE Transactions on Magnetics, 47(3), 539-545.

SNIA. (2016). Storage Security: An overview as applied to storage management [Ebook] (1st ed., pp. 2-28). Retrieved 8 May 2020, from https://www.snia-j.org/cmm/images/wh/e-overview.pdf.

Cite this page

Achieving Optimal Security: Using ISO-IEC 27040 in Industries - Essay Sample. (2023, Jul 19). Retrieved from https://proessays.net/essays/achieving-optimal-security-using-iso-iec-27040-in-industries-essay-sample
