7. Establishing an IACS Security Program

Question 1

List 6 Activities that are part of developing a CSMS

Answer 1

1. Initiate CSMS Program
2. High Level Risk Assessment
3. Detailed Risk Assessment
4. Establish Policy, organization and awareness
5. Select and implement countermeasures
6. Maintain the CSMS

Question 2

List 4 tasks that occur within “Initiate a CSMS”.

Answer 2

1. Obtain leadership commitment, support and funding
2. Develop a business rationale
3. Develop the CSMS Scope
4. Involve Stakeholders

Question 3

List 5 tasks that occur within “High level risk assessment”

Answer 3

1. Define the methodology for identifying risks
2. Identify risks
3. Define the methodology for assessing the priority of risks
4. Assess the priority of risks
5. Document the results and rationale

Question 4

List 4 tasks that occur within “Detailed risk assessment”

Answer 4

1. Inventory IACS systems, networks and devices
2. Screen and prioritize
3. Identify detailed vulnerabilities
4. Identify and prioritize associated risks

Question 5

List 5 tasks that occur within “Establish Policy, Organization & awareness”

Answer 5

1. Create policies and procedures
2. Implement policies and procedures
3. Communicate policies
4. Develop training activities
5. Assign organisational responsibilities

Question 6

List 5 tasks that occur within “Select and implement countermeasures”

Answer 6

1. Establish the risk tolerance
2. Select common countermeasures
3. a) Select countermeasures - common countermeasures are a starting point to this
4. Implement countermeasures
5. Develop new or modify existing systems