PrepAway - Latest Free Exam Questions & Answers

The continual effort of making sure that the correct policies, procedures and standards are in place
and being followed is described as what?

A.
Due care

B.
Due concern

C.
Due diligence

D.
Due practice

Explanation:
"Due care means that a company did all that it could have reasonably done to try and prevent
security breaches, and also took the necessary steps to ensure that if a security breach did take
place, the damages were reduced because of the controls or countermeasures that existed. Due care
means that a company practiced common sense and prudent management practices with
responsible actions. Due diligence means that the company properly investigated all of their
possible weaknesses and vulnerabilities before carrying out any due care practices.

The following list describes some of the actions required to show that due care is being properly
practiced in a corporation:

Adequate physical and logical access controls
Adequate telecommunication security, which could require encryption
Proper information, application, and hardware backups
Disaster recovery and business continuity plans
Periodic review, drills, tests, and improvement in disaster recovery and business continuity plans
Properly informing employees of expected behavior and ramifications of not following these expectations
Developing a security policy, standards, procedures, and guidelines
Performing security awareness training
Running updated antivirus software
Periodically performing penetration tests from outside and inside the network
Implementing dial-back or preset dialing features on remote access applications
Abiding by and updating external service level agreements (SLAs)
Ensuring that downstream security responsibilities are being met
Implementing measures that ensure software piracy is not taking place
Ensuring that proper auditing and reviewing of those audit logs are taking place
Conducting background checks on potential employees"

Pg. 616, Shon Harris: CISSP Certification All-in-One Exam Guide
