While preparing for an audit of information security controls in the environment, an analyst outlines a framework contro
Posted: Sat Jul 23, 2022 7:39 pm
While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements:
✑ All sensitive data must be classified.
✑ All sensitive data must be purged on a quarterly basis.
✑ Certificates of disposal must remain on file for at least three years.
This framework control is MOST likely classified as:
A. prescriptive
B. risk-based
C. preventive
D. corrective
✑ All sensitive data must be classified.
✑ All sensitive data must be purged on a quarterly basis.
✑ Certificates of disposal must remain on file for at least three years.
This framework control is MOST likely classified as:
A. prescriptive
B. risk-based
C. preventive
D. corrective