CERTIFIED-IN-CYBERSECURITY · Question #487
CERTIFIED-IN-CYBERSECURITY Question #487: Real Exam Question with Answer & Explanation
The correct answer is B: To specify how long information and assets should be retained. A data retention policy is a set of guidelines that helps organizations manage their data and determine how long certain types of data should be kept. For example, a company might have a policy of retaining financial records for seven years to comply with tax laws, while retainin
Question
What best describes the PRIMARY objective of a data retention policy?
Options
- ATo preserve data indefinitely
- BTo specify how long information and assets should be retained
- CTo ensure that data is retained for at least five years
- DTo delineate areas outside the scope of time-based data management
Explanation
A data retention policy is a set of guidelines that helps organizations manage their data and determine how long certain types of data should be kept. For example, a company might have a policy of retaining financial records for seven years to comply with tax laws, while retaining employee e-mails for only two years to manage storage space and ensure privacy (see ISC2 Study Guide, Chapter 5, Module 1). The other options do not accurately describe the primary objective of a data retention policy. Retaining data indefinitely is not feasible or practical due to storage limitations and potential violations of privacy laws. Ensuring that data is retained for at least five years is too specific and does not apply to all types of data or all organizations. Data retention periods can vary widely depending on the type of data and the relevant legal and business requirements. Finally, delineating areas outside the scope of time-based data management is not the primary goal of a data retention policy.
Topics
Community Discussion
No community discussion yet for this question.