Due Care & Diligence Concepts

- Due care is about correcting something immediately. The first letters of the two words even help you remember this: DC = do correct.
- Due diligence takes longer than just fixing something immediately; it is more the investigation into why that something had to be corrected in the first place. It is about detecting the reason behind an incident, event, breach, etc. The first letters help you remember this too: DD = do detect.
- Due care is a way to implement something right away in order to perform mitigation procedures.
- Due diligence is making sure the right thing was done correctly, and whether it is necessary to do it again or whether further research is required.
- Due care is doing the right thing: the prudent man rule.
- Due diligence is making sure the steps to do the right thing are correct and within risk parameters: the experienced man rule.
- In order to perform due care, the organization must first perform due diligence. Due diligence comes before due care and is a management process used to gather facts before making a decision.
- The implementation of controls is due care, and verification that those controls have been implemented is due diligence.
- Due diligence is knowing and due care is doing.
- Due care is an action which should most likely be taken; due diligence can be an action that may not be necessary but is the best thing to do for long-term goals.
- The word "care" is shorter than "diligence", so due care is the short-term action and due diligence is the long-term action.
- Due care (bottom to top) starts from the bottom of security governance, like security operations, and due diligence starts from the top (top to bottom), like senior management.

Real-World Examples
- Using a condom is due care; taking the steps to decide whether to use the condom is due diligence.
- Issuing policies, standards, baselines, and procedures is part of due diligence. Applying these types of documents is due care.
- Installing patches to mitigate the latest CVE is due care; understanding the reason for the CVE and making sure it has been fully understood is due diligence.
- Performing an annual security audit is due diligence, but taking corrective action based on the results of the audit is due care.
- Monitoring the network for malicious activity is due care, while implementing a policy from senior management for such activity is due diligence.
- Due care is making sure you provide security training and practice sound security practices at your company. Examples include putting up posters that say you must lock your computer, making sure employees know where to find documents describing proper security procedures, or locking your drawers. Due diligence is setting up the proper framework, like ISO 27001, and having audits to make sure all those little steps you take as due care are done properly. Due diligence is the broader form of due care.
- Due care is bringing back online a web server which went down in the middle of business hours. Due diligence is finding out why the web server went down and making sure controls are put in place so that it doesn't happen again in the same manner.
- An outdated BYOD policy is a violation of due diligence; encrypting employee-owned devices that hold company information is due care.
- Conducting a penetration test is due diligence, and implementing the controls to mitigate the risks found as a result is due care.
- Researching the network security infrastructure of your organization is due diligence, while installing and configuring firewalls, routers, servers, switches, and access points is due care.
- When engaging with third-party vendors or suppliers, researching and understanding legal responsibilities, planning the integration of two environments, conducting SLA negotiations, or ensuring a transition of power is due diligence. Executing the engagement with the third-party vendor or supplier is due care.
- Installing anti-virus software before deploying a device is due care; ensuring the anti-virus software is up to date and monitoring it in real time is due diligence.
- Configuring an IPSec VPN, access-control lists, and network address translation policies on a firewall is due care. A proper change management process to track and account for those changes is due diligence.
- Putting up sandbags in preparation for a hurricane is due care. Tracking the weather and seeing the trajectory of the hurricane would be due diligence.
- Visiting a doctor when you're sick and taking medication is due care. Maintaining healthy eating habits and a proper exercise regimen is due diligence.
