CISM Certified Information Security Manager – Question0067 - CISM Certified Information Security Manager

The PRIMARY concern of an information security manager documenting a formal data retention policy would be:

A. generally accepted industry best practices.
B. business requirements.
C. legislative and regulatory requirements.
D. storage availability.

Correct Answer: B

Explanation:

Explanation:
The primary concern will be to comply with legislation and regulation but only if this is a genuine business requirement. Best practices may be a useful guide but not a primary concern. Legislative and regulatory requirements are only relevant if compliance is a business need. Storage is irrelevant since whatever is needed must be provided