CISM Certified Information Security Manager – Question 1164

Of the following, retention of business records should be PRIMARILY based on:

A. periodic vulnerability assessment.
B. regulatory and legal requirements.
C. device storage capacity and longevity.
D. past litigation.

Correct Answer: B

Explanation:
Retention of business records is a business requirement that must consider regulatory and legal requirements based on geographic location and industry. Options A and C are important elements for making the decision, but the primary driver is the legal and regulatory requirements that need to be followed by all companies. Record retention may take into consideration past litigation, but it should not be the primary decision factor.