ISACA applauds move to common disk encryption standard

Rolling Meadows, IL, USA, February 2009 — ISACA has applauded moves by the data storage industry to develop a common encryption standard for use on hard drives.

According to Vernon Poole, CISM, Head of Business Consultancy for Sapphire and Member of ISACA’s Information Security Management Committee, the development of the standard by the Trusted Computing Group - whose membership includes Fujitsu, Hitachi, IBM, Samsung, Seagate, Toshiba and Western - centres around three non-proprietary specifications.

"The Opal Security Subsystem Class Specification is designed for PC clients, the Enterprise Security Subsystem Class Specification is for datacentre storage, while the Storage Interface Interactions Specification focuses on the interactions between these storage devices and underlying SCSI/ATA protocols," he said.

"These three specifications come together to form a security framework that the data storage industry can use on their drives, and so allow notebook, as well as desktop, PC users to encrypt their data on-the- fly as it is written to the drive," he added.

As data is required, he went on to say, it can be decrypted directly into the computer's memory, so lessening the risk that the data will fall into the wrong hands.

"The fact that the industry has developed these specifications under the auspices of the Trusted Computing Group, is extremely positive for all aspects of the IT security industry, since it will allow companies to upgrade their computers and have a baseline on which to build an enforceable set of IT security policies," he said.

"Research from the Privacy Rights Clearinghouse ( shows that, in recent years, more than 252 million records containing sensitive data have been compromised due to security breaches in the US alone. The use of encrypted hard drives would have greatly reduced this figure," he added.

For more on the Opal Security standard:

For more on ISACA:

With more than 86,000 constituents in more than 160 countries, ISACA is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.

Neil Stinchcombe,
Eskenzi PR