
The discussion in this podcast provides an exhaustive analysis of Due Diligence (DD) and Due Care (DC), presenting them as the dual legal and operational pillars of robust security governance, particularly in the context of the CISSP certification. Due Diligence is defined as the strategic, investigative, and planning phase, focusing on foresight, risk assessment, and establishing security policies; it is about knowing what should be done. Conversely, Due Care is the continuous, operational execution of those policies, involving habitual activities such as patching and log review; it constitutes actually doing the right thing. The discussion explains that failing to demonstrate either DD or DC can expose an organisation and its executives to findings of ordinary or gross negligence, with DD failure often leading to higher liability. Finally, the discussion mandates that organisations integrate these concepts into a continuous improvement cycle (such as PDCA) and use industry frameworks to provide auditable evidence for a legal defence against claims of security failure.