discussion unit 3 #1

Yehyun Park
dbunit31.docx

1

Due care is engaging in just, proper, and sufficient care*.  It focuses on whether or not someone's actions contributed any harm or violated the law.  In cybersecurity it means protecting an organization's reputational, financial, and legal best interests, and taking action against anything working against upholding these.

Due diligence is not fixing something immediately, but rather figuring out why something was not done correctly**.  Its focus is understanding the context of a situation and whether or not an action was taken in a reasonable way.  If not, due diligence is used to determine what a reasonable person would do and determine a proper solution to be taken with due care.

*Fasulo, Phoebe (2021). Due Care vs. Due Diligence. Retrieved from https://securityscorecard.com/blog/due-care-vs-due-diligence

**(2021). Due Care vs. Due Diligence. Retrieved from https://www.studynotesandtheory.com/single-post/due-care-vs-due-diligence

2

As Infosec (2019) mentions, due care and due diligence are not two interchangeable terms. Regulatory compliance is conforming to certain rules, standards, policies, or specifications. There have been many times when companies didn't do their due diligence and it cost them a lot of money. Due diligence is the care that a person exercises to avoid harm to other people or their property. An example of a company not exercising due care is when HP purchased the company Autonomy. HP was sued by shareholders for missing red flags that Autonomy had provided inaccurate income statements. Another due diligence mishap was when Quaker purchased Snapple.

Infosec. (2019, July 5). Due care vs. due diligence and the CISSP. Infosec. https://resources.infosecinstitute.com/certification/due-care-vs-due-diligence-cissp/

Stephenson, D. (2019, November 26). Top 10 due diligence disasters. Firmex Resources. Retrieved October 12, 2021, from https://www.firmex.com/resources/uncategorized/top-10-due-diligence-disasters/.