Certified Chief Information Security Officer (CCISO) — Question 145

From an information security perspective, information that no longer supports the main purpose of the business should be:

Answer options

• A. protected under the information classification policy
• B. analyzed under the data ownership policy
• C. assessed by a business impact analysis.
• D. analyzed under the retention policy.

Correct answer: D

Explanation

The correct answer is D because the retention policy specifically addresses how long data should be kept and when it can be disposed of. Options A, B, and C do not pertain directly to managing the lifecycle of information that is no longer needed, making them less relevant in this context.