CISSP – Liability, due diligence and negligence.

  • Liability:
    • If the question is who is ULTIMATELY liable, the answer is Senior Leadership. This does not mean you are not liable; you may be, depending on whether you exercised Due Care. Liability asks: who is held accountable, who is to blame, who should pay?
  • Due Diligence and Due Care:
    • Due Diligence – The research that goes into building your organization's IT security architecture: best practices, common protection mechanisms, and researching new systems before implementing them.
    • Due Care – The Prudent Person Rule: what would a prudent person do in this situation?
    • Due Care in practice is implementing the IT security architecture and keeping systems patched. If compromised: fix the issue and notify affected users (follow the security policies to the letter).
  • Negligence (and Gross Negligence) is the opposite of Due Care: failing to do what a prudent person would have done.
    • If a system under your control is compromised and you can show that you exercised Due Care, you are most likely not liable.
    • If a system under your control is compromised and you did NOT exercise Due Care, you are most likely liable.

Thor Pedersen

IT, information security, and project management trainer. Best-selling CISSP, CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et al.