What is log retention and what factors determine retention periods?
Security+ Flashcards: Security Operations, Monitoring, SIEM, Log Management
Log retention defines how long security logs are stored before deletion. Factors include regulatory requirements, such as PCI DSS mandating one year of log retention with three months immediately accessible; legal hold obligations that require preserving logs relevant to litigation; incident investigation needs, since attackers may maintain access for months before detection; storage costs and capacity constraints; and organizational security policies. Most security frameworks recommend retaining logs for at least one year.
---
csrc.nist.gov