Concept 8
Difference Between Due Care and Due Diligence
Separating security action from risk investigation and research.
Due Care:
- Taking security actions
- Protecting systems
- “Doing”
Due Diligence:
- Investigating risks
- Researching before decisions
- “Checking”
Simple Example
Due diligence = researching a security company before hiring them.
Due care = actually using the security company properly afterward.