正确做事和做正确的事※Due care 和Due diligence

Due Care and Due Diligence
Due care and due diligence are terms used throughout this book. Due diligence is
the act of investigating and understanding the risks the company faces. A company
practices due care by developing and implementing security policies, procedures,
and standards. Due care shows that a company has taken responsibility for
the activities that take place within the corporation and has taken the necessary
steps to help protect the company, its resources, and employees from possible
threats. So, due diligence is understanding the current threats and risks, and due
care is implementing countermeasures to provide protection from those threats.
If a company does not practice due care and due diligence pertaining to the security
of its assets, it can be legally charged with negligence and held accountable
for any ramifications of that negligence.
The following are some tricks to remember the difference between these two
concepts. Due Diligence = Do Detect. Due diligence maps with Do Detect. It is
the steps you take to identify the risks using best practices, published standards,
and other tools. Due Care = Do Correct. This is what you do to correct the threat
identified or to minimize it to an acceptable level of risk.
1、Due care 正确的去做某种事情 （Due care＝Do Correct）
2、Due diligence 做正确的事情（Due diligence＝Do Detect）