Due care is a legal term and concept used to help determine liability in a court of law. If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent and liable if something bad takes place.
 
Due care is implementing countermeasures to provide protection from those threats. A company practices due care by developing and implementing security policies, procedures, and standards. Due care shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees from possible threats.
 
Due diligence is performing reasonable examination and research before committing to a course of action. Basically, "look before you leap." In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be "haphazard" or "not doing your homework."
Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is "negligence."
 
The following practice question from CCCure corresponds to this understanding:
Which of the following would violate the Due Care concept?
A. Security policy being outdated
B. Data owners not laying out the foundation of data protection
C. Network administrator not taking mandatory two-week vacation as planned
D. Latest security patches for servers only being installed once a week

Based on this understanding:
A - Due Diligence: establishing a Security Policy is Due Care, but failing to update it is Due Diligence.
B - Due Care: data security must be protected; that is Due Care. If you have decided to protect data security but have not done it, that is Due Diligence.
C - Due Diligence: requiring regular vacations is Due Care, but not taking the vacation is Due Diligence.
D - Due Diligence: requiring patches to be applied is Due Care; applying them only once a week cannot guarantee that the systems are kept up to date at all times, which violates Due Diligence.
 
 
Due Care refers to what a company should do, the effort it makes to guard against security vulnerabilities; it refers to the routine prudent management and responsible behavior a company carries out.
Due Diligence refers to a company performing these activities in an orderly manner, rather than doing them once and then letting them sit and become outdated and useless.
 
 
Some of this material comes from the Internet!!!
 
My own understanding:
1. DUE CARE: carry out the necessary protective measures to protect assets; that is, when protecting assets, these are the protective measures we must provide and actually implement in order to deliver effective protection.
 
2. DUE DILIGENCE: after the basic and necessary protective measures have been put in place, how to ensure that these measures are effective in practice, i.e., how to make these measures achieve their intended effect.
 
For example, to protect assets we might take the following measures: deploying firewalls, network anti-virus, intrusion detection, vulnerability scanning, identity authentication, automatic patch distribution, and so on. These should fall under the scope of DUE CARE. Whether the deployed equipment is used effectively or configured reasonably should fall under the scope of DUE DILIGENCE.
---------Personal opinion!!! (for reference only)