Due Care and Due Diligence: What’s the Difference?

By Freda D. Cuevas

Apr 12, 2022


When you hear the terms due care and due diligence, you may assume they mean the same thing and can be used interchangeably, but in the information security world they have two very different meanings. If you work in information security, it is worth becoming familiar with both terms and the difference between them, because they shape your security program. In today’s business environment, prudence is mandatory. Showing due care and due diligence is the only way to disprove negligence when a loss occurs. Senior management must be able to demonstrate due care and due diligence to reduce their culpability and liability when a loss occurs.

Due care is using reasonable care to protect the interests of an organization.

Due diligence is practising the activities that maintain the due care effort.

For example, due care is developing a formalized security structure containing a security policy, standards, baselines, guidelines, and procedures. Due diligence is the continued application of this security structure onto the IT infrastructure of an organization.

To better understand the two terms, let us break Due Care and Due Diligence down a little further.

Difference between Due Care and Due Diligence

Both terms start with the word Due. You may have heard the phrase ‘giving something its due’. In this context, the word Due means you are affording that item what it deserves. Applied to information security, it means we should always ensure that we give the systems, people and data we manage the amount of protection they deserve.

Care – If you care about something, you will do everything you possibly can to protect it, which means you will put careful thought into how you will care for it. To provide that level of care, you will have to set a mandatory set of rules and guidelines to keep it safe. If you care about the clients, personnel, data and systems you are endeavouring to protect, then you take the time to think about and create policies that protect them from harm, abuse, unauthorized access, accidental damage, destruction, and so on. Exercising due care by setting the rules and guidelines is only the start and will do you no good unless they are followed. This is where due diligence comes into play.

Diligence – The term diligence is defined as careful and persistent work or effort. The best way to describe due diligence in the context of information security is that it is simply the execution of due care. It is the diligent, careful and persistent work or effort put into making sure that policies and procedures are actually used. If you exercise due care by enabling logging on a secure system, what good is it if you are not diligent about reviewing those logs? Diligence is the persistent, continual work required to make the initial care you put in valuable.

Both of these terms, due care and due diligence, work hand in hand and rely on each other in the establishment and continued success of a strong security framework. Due care is useless without the effort to make it worthwhile through diligence. Policy without enforcement is yelling into the wind. But due diligence means nothing if you have not taken the time to establish the appropriate policy to protect what is important to you.

In summary:

Due care is the thought put into securing your environment by creating policies and procedures to protect it. Due diligence is the effort you put into making sure those policies/procedures are enforced and utilized.

4 Best Practices For Cyber Security Due Diligence (bitsight.com)
