As a best practice, how long should an organization retain log data for the purpose of incidence response? I haven't been able to find any legal requirements. Is six months long enough? Are there are any industry guidelines we should use?