Due Care – Prudent person rule – What would a prudent person do in this situation? Implementing the IT Security architecture, keep systems patched. If compromised: fix the issue, notify affected users (Follow the Security Policies to the letter).