Due Care and Due Diligence - CISSP - Security and Risk Management
Author: Daniel Meyer
Uploaded: 2018-01-30
Views: 642
Description:
------------------------------------------------------------------------------------------------------
Security and Risk Management: Due Care and Due Diligence
------------------------------------------------------------------------------------------------------
**I Am NOT An Expert!**
As a method of studying for the CISSP, I am attempting to briefly explain the concepts I am learning in an effort to help me, and perhaps fellow students.
For an overview of my plan have a look here: • CISSP - Learning Through Teaching - Introd...
Please take everything with a grain of salt. If I'm missing something or focusing on the wrong aspect of a concept or term, please post your comment to let me know.
------------------------------------------------------------------------------------------------------------
Due Care and Due Diligence - Notes:
Due Care: Means you are doing what a reasonable person would do. Another name for it is the “prudent man” rule . . .
Reminds me of George Bush, which reminds me of Dana Carvey (“Not Gonna Do It.”)
Means you don’t use your computer mouse as a hammer or don’t let the black hat hacker borrow your password, which was set to 12345 in the first place.
Due Diligence:
Step up from Due Care.
Confirms that due care is being followed.
Manager’s responsibility to verify that due care is being followed.
In the current example, means that you make the employees understand that the access card is their responsibility and they must have it on them at all times.
Gross Negligence:
Opposite of Due Care.
If you use the password 12345 to protect a hospital’s PHI info, you are grossly negligent!