Due Diligence Vs Due Care: Key CISSP Concepts Explained

Understanding the difference between Due Diligence and Due Care is critical in cybersecurity, especially for CISSP certification and real-world risk management.

Due Diligence: Risk-Aware Decision Making

Due diligence involves assessing risks before taking action. It’s about gathering intelligence, evaluating threats, and making informed decisions.

Examples:

Conducting a vendor risk assessment before signing a contract.
Analyzing security compliance before deploying a new system.

CISSP Definition:

“Due diligence is the process of identifying risks and making informed decisions to mitigate them.”

Due Care: Responsible Execution

Due care focuses on post-decision actions—implementing safeguards, maintaining security controls, and ensuring compliance.

Examples:

Regularly patching systems to prevent vulnerabilities.
Conducting employee security training to reduce human error.

CISSP Definition:

“Due care is the ongoing effort to maintain security and uphold responsibilities.”

Memory Aid

Diligence → “Do Detect” (Investigate before acting).
Care → “Do Care” (Maintain security after acting).

You Should Know: Practical Implementation

1. Due Diligence in Linux (Risk Assessment)

Scan for vulnerabilities using OpenVAS:
```
sudo openvas-setup 
sudo gvm-start 
```
Check system compliance with Lynis:
```
sudo lynis audit system 
```

2. Due Care in Windows (Maintenance & Protection)

Automate patching with PowerShell:

Install-Module PSWindowsUpdate -Force 
Install-WindowsUpdate -AcceptAll -AutoReboot

Monitor logs for suspicious activity:

Get-EventLog -LogName Security -EntryType FailureAudit

3. Network Security (Ongoing Due Care)

Check firewall rules (Linux):
```
sudo iptables -L -n -v 
```

Test IDS/IPS alerts with Snort:

sudo snort -A console -q -c /etc/snort/snort.conf -i eth0

What Undercode Say

Due diligence and due care are foundational in cybersecurity. Failing in either can lead to breaches, compliance violations, or legal consequences.

Key Commands to Reinforce Security Posture:

Linux:

Check user permissions 
sudo ls -la /etc/shadow

Verify file integrity (Tripwire alternative) 
sudo aide --check

Windows:

Verify installed patches 
Get-HotFix | Sort-Object InstalledOn -Descending

Check for weak passwords 
net accounts

Expected Output:

A structured approach where due diligence prevents risks, and due care sustains security. Implement these principles in audits, policies, and daily operations.

URLs for Further Reading:

References:

Reported By: Biren Bastien – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Listen to this Post

Due Diligence: Risk-Aware Decision Making

Examples:

CISSP Definition:

Due Care: Responsible Execution

Examples:

CISSP Definition:

Memory Aid

You Should Know: Practical Implementation

1. Due Diligence in Linux (Risk Assessment)

2. Due Care in Windows (Maintenance & Protection)

3. Network Security (Ongoing Due Care)

What Undercode Say

Key Commands to Reinforce Security Posture:

Expected Output:

URLs for Further Reading:

References:

Join Our Cyber World:

Related Posts: