While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:

While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:

• All sensitive data must be classified

• All sensitive data must be purged on a quarterly basis

• Certificates of disposal must remain on file for at least three years This framework control is MOST likely classified as:
A . prescriptive
B . risk-based
C . preventive
D . corrective

View Answer

Answer: A