IC37M01 - Risk Assessment and Design Phase Overview Flashcards

1
Q

Passive

A

This vulnerability assessment discovers network devices using non-intrusive means including:

  • Reviewing drawings
  • System walk-through
  • Traffic analysis
  • ARP Tables

The goal is to discover vulnerabilities by understanding the system and processes and create or update documentation.

2
Q

High Level
(Gap Assessment)

A

This assessment evaluates an organization’s existing operational and technical cybersecurity practices. It should provide a comparison of the system to industry regulations, standards and best practices, as well as feedback on performance relative to industry peers. It involves interviews, site walk-throughs, examination of drawings and configurations, and a review of existing policies and procedures.

3
Q

Penetration Test

A

The most invasive of the cybersecurity vulnerability assessments and the only assessment type where you try to actively exploit the vulnerabilities found in the previous steps. It begins with an active cybersecurity vulnerability assessment that is conducted from the perspective of a potential attacker. It attempts to exploit known and unknown security vulnerabilities so that it can validate the effectiveness of security countermeasures.

4
Q

Active

A

This assessment is an invasive vulnerability assessment. It is used to discover network devices using active scanning tools and techniques to develop an understanding of the system, and may require the creation or update of documentation.

5
Q

Documents & Reports to Maintain

A

  • Gap Assessment Report
  • Vulnerability Assessment Report
  • Risk Assessment Report
  • Zone & Conduit Diagrams
  • Cybersecurity Requirements Specifications

6
Q

The risk is known and accepted by the organization. The organization is willing to proceed with this approach while carrying this risk.

A

Tolerate

7
Q

The risk is passed to a third party, for example an insurer or an outsourcing provider, to manage the risk. This does not eliminate the risk.

A

Transfer

8
Q

The process, activity, tool, etc. is no longer used. By stopping its use, the risk is no longer relevant.

A

Terminate

9
Q

Reduce the likelihood of the threat materializing, or the resulting impact, by introducing relevant controls and continuity strategies. Mitigating controls are put in place.

A

Treat
