Which of the following phases of a software development life cycle normally addresses Due Care and Due
Diligence?

A.
Implementation

B.
System feasibility

C.
Product design

D.
Software plans and requirements

Explanation:
Information security best practice is a consensus of the best way to protect the confidentiality, integrity, and
availability of assets. Following best practices is a way to demonstrate due care and due diligence.
Due Care and Due Diligence should therefore be a part of the Software plans and requirements phase.
Note: Due care is doing what a reasonable person would do. It is sometimes called the “prudent man” rule. The
term derives from “duty of care. Due diligence is the management of due care. Expecting your staff to keep
their systems patched means you expect them to exercise due care. Verifying that your staff has patched their
systems is an example of due diligence.
Incorrect Answers:
A: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the
implementation phase.
B: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the System
feasibility phase.
C: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the design
phase.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 161