{"id":458,"date":"2021-01-17T05:33:51","date_gmt":"2021-01-16T18:00:14","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0450\/"},"modified":"2021-01-17T05:44:16","modified_gmt":"2021-01-17T05:44:16","slug":"systems-security-certified-practitioner-sscp-question0450","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0450\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0450"},"content":{"rendered":"<div class=\"question\">Which of the following would NOT violate the Due Diligence concept? <br \/><strong><br \/>A.<\/strong> Security policy being outdated <br \/><strong>B.<\/strong> Data owners not laying out the foundation of data protection <br \/><strong>C.<\/strong> Network administrator not taking mandatory two-week vacation as planned <br \/><strong>D.<\/strong> Latest security patches for servers being installed as per the Patch Management process<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>D<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nTo be effective a patch management program must be in place (due diligence) and detailed procedures would specify how and when the patches are applied properly (Due Care). 
Remember, the question asked for what would NOT be a violation of Due Diligence; in this case, applying patches demonstrates due care, and having the patch management process in place demonstrates due diligence.<br \/>\nDue diligence is the act of investigating and understanding the risks the company faces. A company practices due diligence by developing and implementing security policies, procedures, and standards. Detecting risks would be based on standards such as ISO 2700, Best Practices, and other published standards such as NIST standards, for example.<br \/>\nDue Diligence is understanding the current threats and risks. Due diligence is practiced by activities that make sure the protection mechanisms are continually maintained and operational, with risks constantly being evaluated and reviewed. The security policy being outdated would be an example of violating the due diligence concept.<br \/>\nDue Care is implementing countermeasures to provide protection from those threats. Due care is taking the necessary steps to help protect the company and its resources from the possible risks that have been identified. If the information owner does not lay out the foundation of data protection (doing something about it) and ensure that the directives are being enforced (actually being done and kept at an acceptable level), this would violate the due care concept.<br \/>\nIf a company does not practice due care and due diligence pertaining to the security of its assets, it can be legally charged with negligence and held accountable for any ramifications of that negligence. Liability is usually established based on Due Diligence and Due Care, or the lack of either.<br \/>\nA good way to remember this is using the first letter of both words within Due Diligence (DD) and Due Care (DC).<br \/>\nDue Diligence = Due Detect. Steps you take to identify risks based on best practices and standards.<br \/>\nDue Care = Due Correct. 
Actions you take to bring the risk level down to an acceptable level and maintain that level over time.<br \/>\nThe following answers were wrong:<br \/>\nSecurity policy being outdated: While having and enforcing a security policy is the right thing to do (due care), if it is outdated, you are not doing it the right way (due diligence). This answer violates due diligence and not due care.<br \/>\nData owners not laying out the foundation for data protection: Data owners are not recognizing the &#8220;right thing&#8221; to do. They don&#8217;t have a security policy.<br \/>\nNetwork administrator not taking mandatory two-week vacation: The two-week vacation is the &#8220;right thing&#8221; to do, but not taking the vacation violates due diligence (not doing the right thing the right way).<br \/>\nReference(s) used for this question: Shon Harris, CISSP All In One, Version 5, Chapter 3, pg 110<\/div>\n<p><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Which of the following would NOT violate the Due Diligence concept? A. Security policy being outdated B. Data owners not laying out the foundation of data protection C. Network administrator not taking mandatory two-week vacation as planned D. 
Latest security patches for servers being installed as per the Patch Management process Show Answer Hide Answer [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,453,3],"class_list":["post-458","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0450","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=458"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/458\/revisions"}],"predecessor-version":[{"id":1534,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/458\/revisions\/1534"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}