CISSP PRACTICE QUESTIONS – 20191220

You are sitting for the CISSP exam. An agreement is displayed on the screen requiring that you, as an exam taker, cannot share any content of the exam with others. After reviewing it, you click “I agree” and proceed to start the exam. Which of the following best describes your behavior?
A. Accountability
B. Digital signature
C. Due care
D. Due diligence


Kindly be reminded that the suggested answer is for your reference only. Whether you chose the right or wrong answer matters less than your reasoning process and justifications.

Perspectives on due care and due diligence vary. This post represents my perspective only. Your perspective, opinion, or comment is always welcome. Please feel free to contact me through wentzwu /at/ gmail.com.

My suggested answer is D. Due diligence.

Special thanks go to Chaudhary Darvin for your valuable time discussing with me, exchanging perspectives, and giving me insightful feedback and suggestions.

Accountability and Digital Signature

You are accountable for your decisions, especially those you have signed. If you blindly click “I agree” without reviewing the agreement, you are still held accountable. The digital signature is one of the means that binds you to that accountability. Neither the digital signature nor the accountability demonstrates your due diligence in reviewing the agreement.

Due Diligence

Due diligence is about precautions and compliance. It is exercised across the PDCA cycle. It is primarily a preventive control that requires:

  1. doing your homework before making any decisions and
  2. ensuring the implementation of the decisions is effective, efficient, and compliant.

Definitions

  • Reasonable steps taken by a person to avoid committing a tort or offence. (Google Dictionary)
  • Process through which organizations proactively identify, assess, prevent, mitigate and account for how they address their actual and potential adverse impacts as an integral part of decision-making and risk management. (ISO 20400:2017)
  • Due diligence is the investigation or exercise of care that a reasonable business or person is expected to take before entering into an agreement or contract with another party, or an act with a certain standard of care. (Wikipedia)
  • The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review and/or analysis. (ISACA)

Due Care

  • The level of care expected from a reasonable person of similar competency under similar conditions. (ISACA)
  • Due (Google Dictionary)
    • expected at or planned for at a certain time.
    • of the proper quality or extent.
  • “Care” is serious attention or consideration applied to doing something correctly or to avoid damage or risk. (Google Dictionary)

In the Exercise of Due Care

You are expected to do your work with serious attention or consideration. In other words, you have to exercise your due care. However, to what extent can you demonstrate you have exercised enough due care?

At a minimum, you must comply with the policies, standards, and procedures. You have to justify that your level of care meets the judge’s expectation of the prudent man (reasonable person) in the judge’s mind.

Due care is mostly, but not exclusively, exercised in the “Do” phase of the PDCA cycle. Due care is both a corrective and a recovery control.

Court Cases

Due diligence typically appears in laws and regulations that impose compliance requirements, while due care is commonly cited in court cases.

  • You exercise due diligence by taking preventive or proactive actions to avoid violating laws or regulations.
  • The chances are that you appear in court to justify that you exercised due care to prevent bad things from happening, in order to appeal for liability reduction or a not-guilty verdict; in this sense, due care is a recovery control.

Due care is exercised while you perform your duties, but it is justified when you appear in court to appeal for a not-guilty verdict or liability reduction.

  • In contrast, the evidence does not support a finding beyond a reasonable doubt that Doane knew or should have known, in the exercise of due care, that she was hunting in the Elkhorn unit with a Missouri unit permit, in violation of state law. (Court Case 8:08CR372)
  • Although Baum clearly does not agree with the Magistrate Judge’s decision, the evidence presented at trial was sufficient to find him guilty of operating a motor vehicle without due care. Accordingly, Baum’s conviction and penalty are AFFIRMED. (Court Case: 5:12CR319)
