Data Retention

Time
1 hour 34 minutes
Difficulty
Advanced
CEU/CPE
1
Video Transcription
00:00
In this lesson, we'll talk about data retention policy as it relates to enterprise security case management,
00:05
potential risks associated with data retention as well as storage requirements related to data retention.
00:12
How long does case data and evidence need to be retained?
00:18
In terms of risk, case data and evidence should be retained for as short a period as possible. However, some regulatory and legal requirements determine how long data must be retained in certain cases.
00:30
Potentially one of the most significant risks in enterprise security case management is data retention,
00:36
or how, where and when to store case data and evidence.
00:42
It's in the best interests of any security team to have in place a policy which is communicated to all stakeholders, which details where data will be stored and when it will be deleted.
00:52
The longer case data and evidence are stored, the greater the level of risk assumed by the security team.
00:58
If case data are stored for long periods of time, this can lead to issues with the principle of least privilege and violation of the CIA triad.
01:07
If an attacker gains unauthorised access to the system where the data are stored, they can only access whatever data has not yet been wiped in accordance with company policy.
01:15
Therefore, it makes sense to only keep data as long as required and no longer.
01:21
For example, if the data retention policy states that case data will be kept for 30 days after a case has been finalized and no longer, the 30 days subsequently elapse, the data are wiped, and then the attacker gains access,
01:36
they will be unable to perpetrate data exfiltration or cause data loss, at least of the data which was the target of their attack.
01:42
Another issue with data retention is that storing case data and evidence can and often does take up significant amounts of storage space.
01:52
This level of data storage quickly becomes unwieldy,
01:56
especially when backups are taken into consideration.
01:59
Therefore, it is best to attempt to keep data retention to a minimum,
02:01
as there are various ways in which retaining data can very quickly become onerous and unjustifiably expensive.
02:08
One last thing to consider when it comes to data retention are the legal and regulatory requirements to which you may be subject.
02:15
Different jurisdictions will have different rules and requirements when it comes to the retention of data
02:20
especially when the data relate to a matter which may go before a court.
02:23
Keep this in mind when creating your data retention policy and consult a lawyer or law enforcement official when in doubt.
02:30
Why is it best to keep data retention periods as short as possible or necessary?
02:38
By maintaining shorter retention periods, there is less risk to the organization of data loss or leakage.
02:44
However, be sure to accurately determine when case data and evidence are coordinated before securely wiping.
02:51
In this lesson, we covered data retention policy as it relates to enterprise security case management,
02:57
the potential risks associated with data retention
03:00
and the storage requirements related to data retention.