HP StorageWorks 4000/6000/8000 .HP StorageWorks SAN Design Reference Guide, Pa - Page 402
Attack class: Close-in
Description: Attacks by an unauthorized user who is in close physical proximity to networks, systems, or facilities. The user may attempt to gather or modify information, or deny authorized users access to information.

Attack class: Insider
Description: Unauthorized attacks by an authorized user can be malicious or nonmalicious.
Malicious attackers can:
• Eavesdrop
• Steal or damage data
• Use data for fraudulent purposes
• Deny authorized users access
Nonmalicious attacks can result from:
• Carelessness
• Lack of knowledge
• Circumventing security for nonmalicious purposes to perform tasks

Attack class: Distribution
Description: Attacks due to modifications to hardware or software made at the factory or during distribution. Distribution attacks can insert malicious code in a product, which can allow future unauthorized access to the system.

Storage security compliance

Compliance ensures that a storage system meets specific criteria established by law or regulation. Retention of electronic records is mandated by statutory and regulatory law. Data security regulations are enacted by international governments and U.S. federal and state governments. All storage systems must comply with local regulations. Table 194 lists some of the U.S. and international security regulations.

Table 194 U.S. and international security regulations

U.S. federal and state regulations
• Sarbanes-Oxley (SOX) Act of 2002
• Gramm-Leach-Bliley Act (GLBA) of 1999
• Securities and Exchange Commission Act (SEC) rules 17a-3 and 17a-4
• Department of Energy (DOE) 10 CFR 600.153 Retention and access requirements for records
• California Data Security Act (SB 1386/AB 1950)
• New York Regulation 173 Standards for safeguarding customer information

International regulations
• European Union Data Protection Directive of 1995
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australia: Privacy Act 1988
• Japan: Personal Information Protection Act
• UK: Data Protection Act 1998
• New Zealand: Privacy Act 1993

Security technologies

This section describes security technologies for IP SAN, Fibre Channel SAN, and encryption.