
Due Diligence and Due Care in Security Governance


About this listen

The discussion in this podcast provides an exhaustive analysis of Due Diligence (DD) and Due Care (DC), presenting them as the dual legal and operational pillars of robust security governance, particularly in the context of the CISSP certification. Due Diligence is defined as the strategic, investigative, and planning phase, focusing on foresight, risk assessment, and establishing security policies; it is about knowing what should be done. Conversely, Due Care is the continuous, operational execution of those policies, involving habitual activities like patching and log review, which constitutes actually doing the right thing. The discussion explains that failing to demonstrate either DD or DC can expose an organisation and its executives to findings of ordinary or gross negligence, with DD failure often leading to higher liability. Finally, the discussion mandates that organisations integrate these concepts into a continuous improvement cycle (such as PDCA) and use industry frameworks to provide auditable evidence for a legal defence against claims of security failure.
