Due Diligence and Due Care

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Due diligence and due care.
00:00
In this lesson, we're going to talk about
00:00
two very important concepts
00:00
>> that have legal implications.
00:00
>> You really want to be thinking about them
00:00
through the lens of,
00:00
are you providing adequate and appropriate security
00:00
in the cloud environments?
00:00
In this lesson, we're going
00:00
>> to talk about the difference
00:00
>> between due diligence and due care,
00:00
the importance of each in terms of cloud security and
00:00
the consequences for failing to
00:00
abide due diligence and due care.
00:00
Let's start with due diligence.
00:00
Due diligence is really the act
00:00
of gathering necessary information.
00:00
You really
00:00
demonstrate the best amount of decision-making.
00:00
You're making an informed decision
00:00
about the policies that you are setting,
00:00
the controls you're implementing
00:00
within your environments.
00:00
This really also implies that there's
00:00
continual scrutiny that due diligence requires
00:00
that your organization is continually
00:00
trying to scrutinize its own practices to ensure
00:00
that they are always meeting or exceeding
00:00
their requirements to protect
00:00
assets and your stakeholders.
00:00
This also is involved
00:00
when evaluating vendors and partners.
00:00
Now, due care is the individual flip side of this.
00:00
Due care pertains to acting
00:00
reasonably and responsibility of doing the right thing.
00:00
It's a legal term that determines
00:00
the standard for performance that can be expected.
00:00
Due care implies that you're really
00:00
setting a minimum standard and that
00:00
you're meeting it within your organization.
00:00
Lack of due care is considered a
00:00
form of negligence which can have legal penalties,
00:00
especially when it comes to the violation of regulations.
00:00
If you're not adhering to those minimum requirements.
00:00
When you think of due care, I think the quote below,
00:00
'Do the right thing 'really comes up.
00:00
Just to reiterate, due diligence is
00:00
really the process of making
00:00
sure that you are making good-quality decisions.
00:00
That you're continually scrutinizing
00:00
your practices to ensure that
00:00
they meet or exceed the expectations of your industry.
00:00
Then due care is ensuring that you
00:00
are following up and acting
00:00
on anything at a reasonable standard.
00:00
In the cloud, due diligence really refers to
00:00
the importance of making sure that you have
00:00
appropriate policies and procedures,
00:00
that you're evaluating risks
00:00
associated with your vendors and partners.
00:00
Then due care is really exercise of
00:00
the operational level when you're appropriately
00:00
following up on violations
00:00
or unusual activity within your environments.
00:00
Quiz question. Your friend, a cloud engineer,
00:00
says they need to access
00:00
a database to review changes that have been made.
00:00
The database contains sensitive information.
00:00
If you provide access without asking
00:00
your friend's manager to submit
00:00
an access request with a justification,
00:00
you have violated which of the following?
00:00
Due care, due diligence or neither?
00:00
If you said due care, you're correct.
00:00
I created this question
00:00
because oftentimes when you work with people,
00:00
a certain level of trust is developed.
00:00
However, in the context of maintaining
00:00
security controls in cloud environments,
00:00
you really need to ensure that you're
00:00
exercising due care when investigating the justification,
00:00
ensuring that any requests,
00:00
especially those that could eventually
00:00
change or alter information,
00:00
are subjected to your change manager process
00:00
and meet the standard of
00:00
at least privilege that there is truly
00:00
a warranted business justification for
00:00
granting this access in the context of the question.
00:00
In summary, we talked about
00:00
the importance of due diligence,
00:00
the importance of due care,
00:00
and the application of each in the cloud.
00:00
I'll see you in the next lesson.
Up Next