I am sorry here Mike. you had made this concept bit difficult and in fact more confusing. The explanation provided in CISSP CBK 6th edition page 22 is " Due Care : reasonable care to protect the interests of your organization, and Due Diligence : ongoing execution and monitoring of due care" and this is simply opposite what you explain here or described in your book i.e. CISSP OSG 9th Edition. This has caused a lot confusion and every time we respond wrong of there is any question related with this concept. I must say we must stick with CBK, as this would be right approach to answer correctly in the exam, whatever the actual answer is, since the same concept is endorsed at ISC2 website of flash cards.

After reading the comments below from 5-6 months ago, I think the questions about due care and due diligence should be removed from exam because of contradictory information and contents in ISC2 CBK and OSG guides. I still don't know if running vulnerability scans is due care or due diligence.

have always struggled to know the difference between due care and due diligence, this video nailed it for me, thanks Mike

Thank u so much

Explained like a pro with passion. Thank you. This will assist me with my PWC assignment.

I want to add my 5c: I noticed there's a mild mistake in the video - it seems as if due dilligence is just before due care in the timeline, which is not always the case. If we hypothetically had an exposed live electric wire, putting a fence around it would be due care. And periodically monitoring that the fence isn't breached/hasn't become conductive/hasn't become eroded would be due dilligence. You may notice that in this example, due care is before due dilligence I personally think of due dilligence as "business as usual when things go well", and due care as "doing everything reasonable in the event of things going bad fast"

so, running a VA scan is due diligence? n fixing vulnerability part is due care?

hi Mike, after this video, I think that setting up a firewall, a WAF means doing due diligence exercises, and maintaining/operating the firewalls, inspecting their logs means doing due care tasks. Please correct me if I'm wrong. Thank you!

I have searched so long for a good explanation! That's it! Thanks

Thank you Mike Chapple for making everything simple !

It's a perfectly clear definition and explanation of due care and due diligence with different real-life examples. It's really brilliant. Thanks.

Damn. I'd bet that any company in the world who was absolutley totally irresponsible at following it's own company guidelines & rules as well as proper procedures would be totally afraid out of their wits of you. That was a wonderful presentaion and explanation. Thanks for sharing.

This is a much better explanation than some of the other KZbinrs

Always helpful to listen these videos!

Finally got it. Thanks