[Verse 1]
The board room's quiet, decisions hang in air
A CISO warns of risks that need repair
But budgets tight and timelines always press
Would reasonable leaders choose to address?
The prudent person standard asks one thing
What would a wise executive bring?

[Chorus]
Due care means act, due diligence means check
Protect the assets, verify what's left
The prudent person test will judge your way
Would someone else have acted different today?
Know or should have known, that's the legal line
Due care and diligence by design

[Verse 2]
Postponed upgrades become the attacker's door
Risk identified but shelved forevermore
No paper trail to show the choice was made
When breach hits hard, there's no defense to trade
Board members can't oversee what they don't know
Cyber competence must grow

[Chorus]
Due care means act, due diligence means check
Protect the assets, verify what's left
The prudent person test will judge your way
Would someone else have acted different today?
Know or should have known, that's the legal line
Due care and diligence by design

[Bridge]
SOC controls demand you monitor and respond
Risk assessments without action break the bond
CMMC requires plans of action clear
Document acceptance when risks you don't clear
HIPAA asks for analysis complete
Due care and diligence make compliance sweet

[Verse 3]
When CISOs cry for resources they lack
And leadership won't acknowledge what they track
The gap documented shows what should be known
Inadequate resources leave you alone
Against the standard that the courts will apply
Did reasonable care pass by?

[Chorus]
Due care means act, due diligence means check
Protect the assets, verify what's left
The prudent person test will judge your way
Would someone else have acted different today?
Know or should have known, that's the legal line
Due care and diligence by design

[Outro]
The prudent person lives in every choice
Let reasoned judgment be your guiding voice
Due care protects, due diligence confirms
From governance failures, wisdom learns