My understanding from studying for the CISSP is as follows:
Due Care refers to the things you should do, such as planning.
Due Diligence means making sure that the things Due Care requires are kept up to date; it is somewhat like auditing, ensuring that Due Care is actually being carried out.
Due Diligence: continual effort of making sure that the correct policies, procedures and standards are in place and being followed.
Due diligence involves investigating the risks, and due care involves carrying out the necessary steps to mitigate these risks.