CISA Certified Information Systems Auditor – Question2742

A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:

A.
recovery.
B. retention.
C. rebuilding.
D. reuse.

Correct Answer: B

Explanation:

Explanation:
Besides being a good practice, laws and regulations may require that an organization keep information that has an impact on the financial statements. The prevalence of lawsuits in which e- mail communication is held in the same regard as the official form of classic ‘paper* makes the retention of corporate e-mail a necessity. All e-mail generated on an organization’s hardware is the property of the organization, and an e-mail policy should address the retention of messages, considering both known and unforeseen litigation. The policy should also address the destruction of e-mails after a specified time to protect the nature and confidentiality of the messages themselves. Addressing the retention issue in the e-mail policy would facilitate recovery, rebuilding and reuse.