1 hour 4 minutes
In this lesson, we'll talk about data retention policy as it relates to enterprise security case management,
potential risks associated with data retention, as well as storage requirements related to data retention.
How long do case data and evidence need to be retained?
In terms of risk, case data and evidence should be retained for as short a period as possible. However, some regulatory and legal requirements determine how long data must be retained in certain cases.
Potentially one of the most significant risks in enterprise security case management is data retention,
or how, where and when to store case data and evidence.
It's in the best interests of any security team to have in place a policy which is communicated to all stakeholders, which details where data will be stored and when it will be deleted.
The longer case data and evidence are stored, the greater the level of risk assumed by the security team.
If case data are stored for long periods of time, this can lead to issues with the principle of least privilege and violation of the CIA triad.
If an attacker gains unauthorised access to the system where the data are stored, they can only access whatever data has not yet been wiped in accordance with company policy.
Therefore, it makes sense to only keep data as long as required and no longer.
For example, if the data retention policy states that case data will be kept for 30 days after a case has been finalized and no longer, the 30 days subsequently elapse, the data are wiped, and then the attacker gains access,
they will be unable to perpetrate data exfiltration or cause data loss, at least of the data which was the target of their attack.
Another issue with data retention is that storing case data and evidence can and often does take up significant amounts of storage space.
This level of data storage quickly becomes unwieldy,
especially when backups are taken into consideration.
Therefore, it is best to attempt to keep data retention to a minimum,
as there are various ways in which retaining data can very quickly become onerous and unjustifiably expensive.
One last thing to consider when it comes to data retention is the legal and regulatory requirements to which you may be subject.
Different jurisdictions will have different rules and requirements when it comes to the retention of data,
especially when the data relate to a matter which may go before a court.
Keep this in mind when creating your data retention policy, and consult a lawyer or law enforcement official when in doubt.
Why is it best to keep data retention periods as short as possible or necessary?
By maintaining shorter retention periods, there is less risk to the organization of data loss or leakage.
However, be sure to accurately determine when case data and evidence are coordinated before securely wiping.
In this lesson, we covered data retention policy as it relates to enterprise security case management,
the potential risks associated with data retention
and the storage requirements related to data retention.
Enterprise Security Case Management
In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.