Which aspect of security is addressed by ISO/IEC 27040?

ISO/IEC 27040 specifically addresses storage security, which is crucial for ensuring the confidentiality, integrity, and availability of data stored within an organization's information systems. This international standard provides guidelines for establishing a storage security framework and covers aspects such as data protection, secure storage methods, and the management of storage devices.

The focus on storage security encompasses the protection against unauthorized access, data breaches, and the secure handling of storage media, making it particularly relevant in today’s data-driven environment where sensitive information is often stored on various types of media. Organizations can follow the recommendations outlined in this standard to enhance their storage security posture and effectively manage risks associated with data storage.

In contrast, application security, network security, and wireless security, while also critical components of an overall security strategy, fall outside the specific purview of ISO/IEC 27040, as they address different layers and types of security measures pertaining to applications, communication networks, and wireless infrastructure, respectively.