A company was charged with negligence. The judge ruled that while the company produced evidence of good security policies, the company was still guilty of breach of privacy due to lack of enforcement of the security policies. Which of the following management principles was violated?
A.
Lack of due care
B.
Lack of due diligence
C.
Lack of management oversight
D.
Lack of standards
Explanation:
It is not enough to create good security policy. It is managements
responsibility to make sure the policy directives are carried out. Lack of standards
and lack of oversight may have contributed to the lack of policy enforcement.
“Another way of understanding these terms is to think of due care as doing the right thing and due diligence as evaluating the results of due care measures to ensure that they are performing as intended”
Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) (Kindle Locations 11983-11985). Taylor & Francis. Kindle Edition.
0
0
@ Admin: As per the explanation it matches the options “C” & “D”, but answer given right is “B”. Can you plz explain about this ?
0
0
The customer is having a strong policy and they have not cared to implement them. The Due Diligence is to identify risk and Due Care is having taken enough responsible actions to reduced identified risks to an acceptable level. They had management oversight. Hence they have created the policies but management did not pursed to implement those policies. So they have not taken due care. Management is responsible for complete implementation of security in an organisation. Its a top down approach.
0
0
i went with due care…is that right?
Please reply.
0
0
Dear Admin,
Answer should be A- Due Care
Due diligence is the act of investigating and understanding the risks the company faces.
A company practices due care by developing and implementing security policies, procedures,and standards.
Due care shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and employees from possible threats. So, due diligence is understanding the current threats and risks, and due care is implementing countermeasures to provide protection from those threats.
If a company does not practice due care and due diligence pertaining to the security of its assets, it can be legally charged with negligence and held accountable for any ramifications of that negligence.
it is stated in the question that the company produced evidence of good security policies but it wasn’t probably implemented therefore it Due care wasn’t achieved correctly.
0
0
Fixed. Thanks all.
0
0