The continual effort of making sure that the correct policies, procedures and standards are in place
and being followed is described as what?
A.
Due care
B.
Due concern
C.
Due diligence
D.
Due practice
Answer: A
Explanation:
“Due care means that a company did all that it could have reasonably done to try
and prevent security breaches, and also took the necessary steps to ensure that if a security
breach did take place, the damages were reduced because of the controls or countermeasures
that existed. Due care means that a company practiced common sense and prudent management
practices with responsible actions. Due diligence means that the company properly investigated
all of their possible weaknesses and vulnerabilities before carrying out any due care practices.
The following list describes some of the actions required to show that due care is being properly
practiced in a corporation:
Adequate physical and logical access controls
Adequate telecommunication security, which could require encryption
Proper information, application, and hardware backups
Disaster recovery and business continuity plans
Periodic review, drills, tests, and improvement in disaster recovery and business continuity plans
Properly informing employees of expected behavior and ramifications of not following these
expectations
Developing a security policy, standards, procedures, and guidelines
Performing security awareness training
Running updated antivirus software
Periodically performing penetration tests from outside and inside the network
Implementing dial-back or preset dialing features on remote access applications
Abiding by and updating external service level agreements (SLAs)
Ensuring that downstream security responsibilities are being met
Implementing measures that ensure software piracy is not taking place
Ensuring that proper auditing and reviewing of those audit logs are taking place
Conducting background checks on potential employees”
Pg. 616 Shon Harris: CISSP Certification All-in-One Exam Guide