have always struggled to know the difference between due care and due diligence, this video nailed it for me, thanks Mike
Explained like a pro with passion. Thank you. This will assist me with my PWC assignment.
Thank you Mike Chapple for making everything simple !
It's a perfectly clear definition and explanation of due care and due diligence with different real-life examples. It's really brilliant. Thanks.
This is a much better explanation than some of the other UA-camrs
I have searched so long for a good explanation! That's it! Thanks
I want to add my 5c: I noticed there's a mild mistake in the video - it seems as if due diligence is just before due care in the timeline, which is not always the case. If we hypothetically had an exposed live electric wire, putting a fence around it would be due care. And periodically monitoring that the fence isn't breached/hasn't become conductive/hasn't become eroded would be due diligence. You may notice that in this example, due care is before due diligence.
I personally think of due diligence as "business as usual when things go well", and due care as "doing everything reasonable in the event of things going bad fast".
Damn. I'd bet that any company in the world that was absolutely, totally irresponsible at following its own company guidelines & rules as well as proper procedures would be totally scared out of their wits by you. That was a wonderful presentation and explanation. Thanks for sharing.
Always helpful to listen to these videos!
Hi Mike, after this video, I think that setting up a firewall or a WAF means doing due diligence exercises, and maintaining/operating the firewalls and inspecting their logs means doing due care tasks.
Please correct me if I'm wrong.
Thank you!
In simple words, Due Care = DC = Do Correct, and Due Diligence = DD = Do Detect.
And as per CISSP CBK 6th edition page 22, "reviewing security log output for suspicious activity and conducting penetration tests to determine if firewall rules are sufficiently restrictive is due diligence"; hence reviewing logs comes under due diligence.
After reading the comments below from 5-6 months ago, I think the questions about due care and due diligence should be removed from the exam because of contradictory information and content in the ISC2 CBK and OSG guides. I still don't know if running vulnerability scans is due care or due diligence.
I've seen contradictory explanations also.
Thank you so much
Finally got it. Thanks
So, running a VA scan is due diligence, and fixing the vulnerability part is due care?
In simple words, Due Care = DC = Do Correct, and Due Diligence = DD = Do Detect.
So by this, your approach is right to consider the above concept.
I am sorry here, Mike.
You have made this concept a bit difficult and in fact more confusing.
The explanation provided in CISSP CBK 6th edition page 22 is "Due Care: reasonable care to protect the interests of your organization, and Due Diligence: ongoing execution and monitoring of due care",
and this is simply the opposite of what you explain here or describe in your book, i.e. CISSP OSG 9th Edition.
This has caused a lot of confusion, and every time we respond wrongly if there is any question related to this concept.
I must say we must stick with the CBK, as this would be the right approach to answer correctly in the exam, whatever the actual answer is, since the same concept is endorsed on the ISC2 website's flash cards.
Due Care = Do correct
Due Diligence = Do Detect