当前位置:首页 > 报告详情

存储安全年度回顾.pdf

上传人: a****d 编号:184989 2024-10-07 12页 713.25KB

1、1|2024 SNIA.All Rights Reserved.Storage Security Year in ReviewEric Hibbard,CISSP,FIP,CISASamsung Semiconductor,Inc.2|2024 SNIA.All Rights Reserved.Threat SummaryRansomware with data exfiltration(hybrid attacks)Supply chain attacks(service providers)Cyber attacks Critical infrastructure(nation state

2、 actors)Healthcare Banking&finance or government(organized crime)Data breaches(new malware,vulnerabilities,etc.)AI is emerging as a new tool for attackers3|2024 SNIA.All Rights Reserved.Standards and Industry Players4|2024 SNIA.All Rights Reserved.ISO/IEC 27040:2024-01(Storage security)Comprehensive

3、 coverage of storage security Includes both requirements and guidance(includes auditor checklists)Covers organizational,people,physical,and technological controls Defers to IEEE Std 2883 for media-specific sanitization(old Annex A removed);verification and cryptographic erase clarified Many new cont

4、rols(e.g.,IPMI,NVMe-oF,storage systems security,data archives and repositories,and cyber-attack recoveries)ISO/IEC 27002:2022 references to ISO/IEC 27040 for backup security and media sanitization,resulting in increased visibility of storage security5|2024 SNIA.All Rights Reserved.IEEE Security in S

5、torage(SISWG)Building upon IEEE 2883-2022(Storage Sanitization)Draft P2883.1 Recommended Practice for Use of Storage Sanitization Methods Draft P2883.2 Recommended Practice for Virtualized and Cloud Storage Sanitization Draft P3406 Standard for a Purge and Destruct Sanitization Framework P1667 Stand

6、ard for Discovery,Authentication,and Authorization in Host Attachments of Storage Devices(Revision)Revision of IEEE 1619(XTS-AES)Draft P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices Working with NIST for a future update of NIST SP 800-38E6|2024 SNIA.All Rights

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文为存储安全领域的年度回顾,由Eric Hibbard撰写,讨论了过去一年中存储安全的威胁概览和标准发展情况。威胁总结包括:混合勒索软件攻击、供应链攻击、网络攻击、关键基础设施攻击、医疗保健、银行业务及政府机构攻击、数据泄露以及AI作为攻击工具的兴起。 在标准发展方面,ISO/IEC 27040:2024-01提供了存储安全的全面覆盖,包含要求和指导,并覆盖了组织、人员、物理和技术的控制。IEEE在存储安全方面也做出了贡献,包括IEEE 2883的更新和P1667标准的修订。TCG工作组发布了关于存储安全的一些重要文档和规范,如TCG Key Per I/O和TCG Opal SSC。OCP发布了关于数据中心NVMe SSD的安全要求更新,而SNIA发布了关于存储加密和密钥管理的技术论文。 总结来看,文章强调了存储安全的威胁不断演变,安全要求增加,以及各种组织和机构在提升存储安全标准方面所做的努力。
哪些新型攻击手段值得关注?" 如何为组织提供全面的安全保障?" 未来存储安全将如何应对量子计算威胁?"
客服
商务合作
小程序
服务号
折叠