Dec '24 • 📚 Study Material
Due Diligence & Due Care
Due Diligence
- Definition: The ongoing effort to systematically identify, evaluate, and mitigate risks while ensuring compliance with legal, regulatory, and ethical standards.
- Focus: Proactive and preventative measures.
Key Activities examples:
- Establishing and maintaining security policies and procedures.
- Conducting regular risk assessments.
- Ensuring vendor compliance and monitoring supply chain Risk Training employees on security and compliance requirements.
- Performing audits and reviews to identify vulnerabilities and inefficiencies.
Due diligence demonstrates that the organization has taken "proactive steps" to protect its assets and meet obligations. It’s about creating a strong security posture before issues arise.
Due Care
- Definition: Taking the right actions in response to specific situations to protect the organization and its stakeholders.
- Focus: "Reactive measures and responses".
Key Activities Examples:
- Applying security patches promptly when vulnerabilities are discovered. Responding to incidents with appropriate measures.
- Following the organization’s policies and procedures during a crisis. Making decisions that reflect responsibility and caution to avoid negligence.
Due care emphasizes responsible actions taken during or after a situation to minimize harm or risk.
Relationship Between Due Diligence and Due Care
Summary
- Due diligence is Proactive and preventative measures establishing and maintaining a foundation of good practices, policies, and controls.
- Due care is Reactive measures and responses applying those practices responsibly in day-to-day operations and specific incidents.
1
4 comments
Due Diligence & Due Care
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+45
2
+17
3
+14
4
+14
5
+11
Powered by