From an information security perspective, information that no longer supports the main purpose of the business should be:
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Option A is the type of analysis that will determine whether the organization is required to maintain the data for business, legal or regulatory reasons.
Keeping data that are no longer required unnecessarily consumes resources, and, in the case of sensitive personal information, can increase the risk of data compromise.
Options.
B.
C and D are attributes that should be considered in the destruction and retention policy.
A BIA could help determine that this information does not support the main objective of the business, but does not indicate the action to take.
Information that no longer supports the main purpose of the business should be analyzed under the retention policy.
A retention policy is a set of guidelines and procedures for retaining and disposing of records and information. The purpose of a retention policy is to ensure that information is retained only as long as it is needed to meet legal, regulatory, or business requirements, and that it is disposed of in a secure and appropriate manner when it is no longer needed.
In the context of information security, retaining information that is no longer necessary can increase the risk of data breaches and cyber attacks. Therefore, it is important to have a retention policy in place to ensure that information is retained only as long as it is necessary and is disposed of in a secure and appropriate manner.
The retention policy should specify the types of information that are subject to the policy, the retention periods for each type of information, and the methods for disposing of information when it is no longer needed. The policy should also include procedures for identifying and managing information that is no longer needed, such as conducting periodic reviews of stored information and disposing of information that is no longer needed or relevant to the business.
In summary, from an information security perspective, information that no longer supports the main purpose of the business should be analyzed under the retention policy to ensure that it is retained only as long as it is necessary and is disposed of in a secure and appropriate manner.