Unformatted text preview: means that
a company practiced common sense and prudent management and acted responsibly.
Due diligence means that the company properly investigated all of its possible weaknesses and vulnerabilities. ch10.indd 874 12/4/2009 11:39:09 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 875 Figure 10-1 One example of the consequences of corporate fraud in 2002 Before you can figure out how to properly protect yourself, you need to find out
what it is you are protecting yourself against. This is what due diligence is all about—researching and assessing the current level of vulnerabilities so the true risk level is understood. Only after these steps and assessments take place can effective controls and
safeguards be identified and implemented.
The same type of responsibility is starting to be expected of corporations pertaining
to computer crime and resource protection. Security is developed and implemented to
protect an organization’s valuable resources; thus, appropriate safeguards need to be in
place to protect the company’s mission by protecting its tangible and intangible resources, reputation, employees, customers, shareholders, and legal position. Security is
a means to an end and not an end within itself. It is not practiced just for the sake of
doing it. It should be practiced in such a way as to accomplish fully understood,
planned, and attainable goals.
Senior management has an obligation to protect the company from a long list of
activities that can negatively affect it, including protection from malicious code, natural
disasters, privacy violation, infractions of the law, and more.
The costs and benefits of security should be evaluated in monetary and nonmonetary terms to ensure that the cost of security does not outweigh the expected benefits.
Security should be proportional to potential loss estimates pertaining to the severity,
likelihood, and extent of potential damage. ch10.indd 875 12/4/2009 11:39:09 AM All-in...
View Full Document