Introduction
Security is a condition that exists only when an organization or industry has managed down the severity of its risks at a point in time (SNIA, 2016). The focus of this paper is to offer guidance on the importance of using ISO/IEC 27040 to assure state-of-the-art security for storage assets in industries.
Types of Risks
Risks are managed by applying mitigations. As more remedies are applied to risk factors, the risk's severity decreases, making that risk harmless. The severity of risk that organizations will tolerate varies. There are a number of risk types, namely adversarial risk and impersonal risk (Park et al., 2011). The latter tend to be mature risks and are thus better understood.
Management of Risks With ISO/IEC 27040
Through ISO, a lot of thought has been put into classifying risks and forming the best approaches to nullify their impacts. Vulnerabilities and exploits in systems, such as software defects, usually create great avenues for threats (Clark & Isherwood, 2004). When exploited, these weaknesses result in events like possible breaches of the organization's information flow through an attack vector, or the path through which an attacker gains access to a system.
ISO/IEC 27040 offers a number of related classes of threats that affect storage and its supporting infrastructure. These include Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, accidental loss or theft of an organization's media, the introduction of malware into systems, and improper sanitization after the end of the use of systems (Clark & Isherwood, 2004). ISO/IEC 27040 recommends a myriad of solutions, among them users having unique identifiers such as Administrator for users who are to perform administrative tasks (SNIA, 2016). To protect management interfaces that are physical in nature, ISO/IEC 27040 recommends steps like disabling and disconnecting serial management ports when they are not in use and segregating LAN interfaces that are used for management traffic from the ones used for other LAN traffic.
Conclusion
To conclude, the need to protect assets is among every organization's priorities. With the world moving towards a digital era, the pool of risk that was present to organizations and industries has doubled. With tools presented from projects such as ISO, a way can be found to ensure an organization's assets remain safe and free of contamination from the outside world.
References
Clark, W., & Isherwood, W. (2004). Distributed generation: remote power systems with advanced storage technologies. Energy Policy, 32(14), 1573-1589.
Park, K. S., Park, Y. P., & Park, N. C. (2011). Prospect of recording technologies for higher storage performance. IEEE Transactions on Magnetics, 47(3), 539-545.
SNIA. (2016). Storage Security: An overview as applied to storage management [Ebook] (1st ed., pp. 2-28). Retrieved 8 May 2020, from https://www.snia-j.org/cmm/images/wh/e-overview.pdf.
Cite this page
Achieving Optimal Security: Using ISO-IEC 27040 in Industries - Essay Sample. (2023, Jul 19). Retrieved from https://proessays.net/essays/achieving-optimal-security-using-iso-iec-27040-in-industries-essay-sample