Copyright notice: original work; reposting is permitted, but you must indicate the original source (as a hyperlink), the author information, and this notice. Otherwise legal liability will be pursued. http://52752.blog.51cto.com/42752/85489
Due Care and Due Diligence
Due care and due diligence are terms used throughout this book. Due diligence is the act of investigating and understanding the risks the company faces.
A company practices due care by developing and implementing security policies, procedures, and standards.
Due care shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and its employees from possible threats.
So, due diligence is understanding the current threats and risks, and due care is implementing countermeasures that provide protection from those threats.
If a company does not practice due care and due diligence with respect to the security of its assets, it can be found negligent and held liable for the consequences of that negligence. In practice the two are assessed together: a company that investigated its risks but never acted on them (diligence without care), or that deployed controls without ever assessing which risks mattered (care without diligence), has not met the standard of a "reasonable" organization, which is what a negligence finding turns on.
The following are some tricks to remember the difference between these two concepts.
Due Diligence = Do Detect.
Due diligence maps to "Do Detect." It is the steps you take to identify and assess the risks, using best practices, published standards, and other tools (for example, a risk assessment, an audit, or a review of the threats relevant to the business).
Due Care = Do Correct.
Due care maps to "Do Correct." It is what you do to address the identified threat, either eliminating it or reducing it to an acceptable level of risk through the controls you implement.
1. Due care: doing things the right way (Due care = Do Correct)
2. Due diligence: doing the right things (Due diligence = Do Detect)