Due Care vs Due Diligence (2024)

Table of Contents
FOUR OF THE BEST THINGS YOU CAN BUY TO PASS THE CISSP EXAM Due Care & Diligence Concepts Real-World Examples FAQs

FOUR OF THE BEST THINGS YOU CAN BUY TO PASS THE CISSP EXAM

Due Care vs Due Diligence (1)
Due Care vs Due Diligence (2)
Due Care vs Due Diligence (4)
Due Care vs Due Diligence (5)

One of the most common questions I get is:

"Luke, can you please explain the difference between due care and diligence with real-world examples?"

Yes, please see below.

Due Care & Diligence Concepts

  • Due care is about correcting something immediately. The first letter of the two words even help to remember this, DC = do correct.

  • Due diligence takes longer than just fixing something immediately, it is more the investigation as to why that something had to be corrected in the first place. It is about detecting the reason behind either an incident, event, or breach etc. etc. The first two letters help to remember this, DD, do detect.

  • Due care is a way to implement something right away in order to perform mitigation procedures.

  • Due diligence is making sure the right thing was done correctly, and if it is necessary to do it again or if further research is required.

  • Due care is doing the right thing, the prudent man rule.

  • Due diligence is making sure the steps to do the right thing are correct and within risk parameters, the experienced man rule.

  • In order to perform due care, the organization must first perform due diligence. Due diligence comes before due care and is a management process used to gather facts before making a decision.

  • The implementation of controls is due care, and verification of those controls being implemented is due diligence.

  • Due diligence is knowing and due care is doing.

  • Due care is an action which should most likely be taken, due diligence can be an action that may not be necessary but is the best thing to do for long-term goals.

  • The word "care" is a shorter word than "diligence", so due care is the short-term action, and due diligence is the long-term action.

  • Due care (bottom to top) starts from the bottom of security governance like security operations, and due diligence starts from the top (top to bottom) like senior management

Real-World Examples

  • Using a condom is due care, taking the steps to decide whether to use the condom is due diligence.

  • Issuing policies, standards, baselines, and procedures are part of due diligence. Applying these types of documents is due care.

  • Installing patches to mitigate the latest CVE is due care, understanding the reason for the CVE and making sure it has been fully understood is due diligence.

  • Performing an annual security audit is due diligence, but taking the corrective action from the results of an audit is due care.

  • Monitoring the network for malicious activity is due care, while implementing a policy from senior management for such activity is due diligence.

  • Due care is making sure you provide security training and practice sound security practices at your company. Examples of which include putting up posters that say you must lock your computer, or making sure employees know where to find documents for proper security procedures, or locking your drawers. Due diligence is setting up the proper framework, like ISO 27001 and having audits to make sure all those little steps you're making sure to do in due care, is done properly. Due diligence is the broader form of due care.

  • Due care is bringing back online a web server which went down in the middle of business hours. Due diligence is finding out why the web server went down and making sure controls are put into place to make sure it doesn't happen again in the same manner.

  • An outdated BYOD policy is a violation of due diligence, encrypting devices which belong to the employee holding company information is due care.

  • Conducting a penetration test is due diligence, and implementing the controls to mitigate the risks found as a result is due care.

  • Research of the network security infrastructure of your organization is due diligence, while installing and configuring firewalls, routers, servers, switches, and access points is due care.

  • When engaging with third-party vendors or suppliers, researching and understanding legal responsibilities, formulation of integrating two environments, conducting SLA negotiations, or ensuring a transition of power, is due diligence. Executing the engagement with the third-party vendor or supplier is due care.

  • Installing anti-virus software before deploying a device is due care, ensuring anti-virus software is up-to-date and monitoring in real-time is due diligence.

  • Configuring an IPSec VPN, access-control list, network address translation policies on a firewall is due care. A proper change management process to track and account for those changes is due diligence.

  • Putting up sandbags in preparation for a hurricane is due care. Tracking the weather and seeing the trajectory of a hurricane would be due diligence.

  • Visiting a doctor when you're sick and taking medication is due care. Maintaining a healthy eating habit and a proper exercise regimen is due diligence.

  • Studying your CISSP books, study resources, taking over 5,000 practice questions, reading NIST documents, watching videos, reading as much as you can about the CISSP Common Body of Knowledge, or becoming a member of this site, is practice proper due diligence. Taking your CISSP exam is due care, whether you pass it or not.

Cheers.

Tags:

  • Security and Risk Management
  • Popular Posts
Due Care vs Due Diligence (2024)

FAQs

Due Care vs Due Diligence? ›

In day-to-day life, due care refers to our habits, policies, and procedures that we use to keep us safe and out of trouble. Due diligence means that we take necessary precautions in a given situation. For example, we perform due diligence when investigating a potential problem that has been detected.

Read On
Which comes first due care or due diligence? ›

In order to perform due care, the organization must first perform due diligence. Due diligence comes before due care and is a management process used to gather facts before making a decision.

Discover More Details
What is the difference between due care and due diligence in auditing? ›

Due care involves implementing and maintaining appropriate policies, procedures, standards, and controls that align with the organization's risk appetite and regulatory requirements. Due diligence refers to the ongoing process of monitoring and reviewing the effectiveness of the due care measures.

Continue Reading
What is the difference between due diligence and reasonable care? ›

Due Care refers to the effort made by an ordinarily prudent or reasonable party to avoid harm to another, taking the circ*mstances into account. Due Diligence is a process of acquiring objective and reliable information, generally on a person or a company, prior to a specific event or decision.

See Details
What is the meaning of due care? ›

: the care that an ordinarily reasonable and prudent person would use under the same or similar circ*mstances. called also ordinary care, reasonable care.

Find Out More
What are the 3 P's of due diligence? ›

The 4 P's of due diligence are People, Performance, Philosophy, and Process. These key elements form the foundation of a thorough due diligence process, covering aspects related to the team involved, performance metrics, investment philosophy, and the overall process followed.

Tell Me More
What are the 3 examples of due diligence? ›

The due diligence in business circ*mstances refers to organizations practicing prudence by carefully assessing associated costs and risks prior to completing transactions. Examples include purchasing new property or equipment, implementing new business information systems, or integrating with another firm.

Show Me More
Is due care and due diligence the same? ›

While due care focuses on preventing security incidents through ongoing maintenance and good practices, due diligence is about the investigative actions taken to ensure external parties do not introduce new risks into the organization.

Explore More
What is an example of due care? ›

For example, if a driver is involved in a car accident, the court will consider whether the driver exercised due care while driving. If the driver was distracted or driving recklessly, they may be found to have breached their duty of due care and be held liable for any damages caused by the accident.

Continue Reading
How to demonstrate due care and diligence? ›

What documentation is needed to show due diligence?
  1. Worker orientation, education, and training.
  2. Workplace inspections, including corrective actions taken.
  3. Incident reports, including corrective actions taken.
  4. Audit reports, including evidence of implementing recommendations for improvement.

Show Me More

What are the two main types of due diligence? ›

Types of due diligence
  • Vendor due diligence: Investigating the current or potential risk of new or existing vendors.
  • Third-party due diligence: Third-party due diligence assesses the risk level of potential third-party partners, including any vendors (or fourth parties) in your potential partner's ecosystem.
Mar 22, 2023

Read The Full Story
What is the concept of due care? ›

Due care, also referred to as ordinary care and reasonable care, is the standard of care where a reasonable person would exercise in the same situation or under similar circ*mstances. This standard of care is used in a tort action to determine whether a person was negligent.

See Details
What is the difference between due care and due diligence quizlet? ›

Due diligence involves investigating the risks, whereas due care involves carrying out the necessary steps to mitigate these risks.

Get More Info Here
What is due care in auditing? ›

10 The exercise of due professional care allows the auditor to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud, or whether any material weaknesses exist as of the date of management's assessment.

Continue Reading
What is care and diligence? ›

What is meant by 'acting with care and diligence'? The duty to act with care and diligence requires public sector employees to pay serious attention to their work, treat work with care, and genuinely attempt to accomplish their tasks to a high standard.

View More
What is a synonym for due care? ›

synonyms: ordinary care, reasonable care.

View Details
What comes after due diligence? ›

Once the due diligence process is complete, the buyer will typically provide a report outlining any issues or concerns that were identified. If the parties are able to reach an agreement, they will move forward with the transaction.

See More
Are due diligence and due care the same? ›

While due care focuses on preventing security incidents through ongoing maintenance and good practices, due diligence is about the investigative actions taken to ensure external parties do not introduce new risks into the organization.

Learn More
Does due diligence come before or after offer? ›

After you accept an offer or letter of intent (LOI) on your business, the buyer will begin due diligence. Due diligence is the process of gathering and analyzing information to help the parties determine whether or not to proceed with a business transaction.

Discover More Details
What is the first stage of the due diligence process? ›

1. Prepare documents. During the due diligence process, potential bidders carefully scrutinize every aspect of the target company. To do this, they will methodically review all the documentation relating to each subject, from the business plan to real estate and cash flow - and everything in between.

Show Me More
Top Articles
What Is a Land Equity Loan? | LendingTree
How To Turn Bitcoin Into Cash | CoinStats
St Thomas Usvi Craigslist
No Hard Feelings Showtimes Near Metropolitan Fiesta 5 Theatre
Po Box 7250 Sioux Falls Sd
Star Sessions Imx
Wannaseemypixels
Polyhaven Hdri
Canelo Vs Ryder Directv
Corporate Homepage | Publix Super Markets
Culos Grandes Ricos
‘Accused: Guilty Or Innocent?’: A&E Delivering Up-Close Look At Lives Of Those Accused Of Brutal Crimes
Colts Snap Counts
Tcu Jaggaer
Craigslist Red Wing Mn
Marvon McCray Update: Did He Pass Away Or Is He Still Alive?
Tamilyogi Proxy
Big Lots Weekly Advertisem*nt
Food Universe Near Me Circular
SuperPay.Me Review 2023 | Legitimate and user-friendly
Boxer Puppies For Sale In Amish Country Ohio
Powerschool Mcvsd
Darrell Waltrip Off Road Center
Watertown Ford Quick Lane
My Reading Manga Gay
031515 828
Mosley Lane Candles
Rugged Gentleman Barber Shop Martinsburg Wv
What are the 7 Types of Communication with Examples
Ofw Pinoy Channel Su
Egg Crutch Glove Envelope
Fandango Pocatello
2487872771
Lichen - 1.17.0 - Gemsbok! Antler Windchimes! Shoji Screens!
Marie Peppers Chronic Care Management
Zero Sievert Coop
Eastern New Mexico News Obituaries
Nid Lcms
Chathuram Movie Download
Reilly Auto Parts Store Hours
20 Mr. Miyagi Inspirational Quotes For Wisdom
Frequently Asked Questions
The Bold and the Beautiful
Worland Wy Directions
What Time Do Papa John's Pizza Close
Sam's Club Fountain Valley Gas Prices
Spongebob Meme Pic
Ics 400 Test Answers 2022
Strange World Showtimes Near Century Federal Way
Unbiased Thrive Cat Food Review In 2024 - Cats.com
Latest Posts
What Is Jump Drive And What Is It Used for?
How much equity should I offer to investors?
Article information

Author: Madonna Wisozk

Last Updated:

Views: 6289

Rating: 4.8 / 5 (68 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Madonna Wisozk

Birthday: 2001-02-23

Address: 656 Gerhold Summit, Sidneyberg, FL 78179-2512

Phone: +6742282696652

Job: Customer Banking Liaison

Hobby: Flower arranging, Yo-yoing, Tai chi, Rowing, Macrame, Urban exploration, Knife making

Introduction: My name is Madonna Wisozk, I am a attractive, healthy, thoughtful, faithful, open, vivacious, zany person who loves writing and wants to share my knowledge and understanding with you.