ICS, OT and IT Notes Flashcards

1
Q

Purdue Model Levels

A

4/5 - Enterprise (business network), 3.5 - ICS DMZ, 3 - Site/SCADA operations, 2 - Area supervisory control (HMI), 1 - Controllers (PLC, RTU), 0 - Physical process (sensors, limit switches, relays, pumps, valves).

2
Q

PLC (Programmable Logic Controller)

A

Interfaces the control system with the physical process: reads sensor inputs, runs its control logic, and drives outputs (actuators) to read or change the state of the engineering process.

3
Q

Data Historian

A

Stores time-series data from the industrial control system environment (process values, changes and trends over time). Targeted for exfiltration of sensitive process information.

4
Q

Engineering Workstation

A

The EW runs the software used to program and modify PLCs and other field devices. Targeted to obtain the PLC logic and to change the process through it.

5
Q

HMI (Human Machine Interface)

A

Visual interface between the physical process and the operators; displays process state and accepts operator commands.

6
Q

IT Email System (Not ICS)

A

Not an ICS asset, but a common initial foothold: used to pivot towards the data historian, which typically shares a trust relationship (for example, a shared IT Active Directory domain) with the IT environment.

7
Q

What are the 5 Critical ICS Assets

A

PLC, Data Historian, Engineering Workstation, HMI, and IT Email System

8
Q

How to defend critical assets

A

Network segmentation, network monitoring (IDS), and engineering tasks (verify controller logic against the approved version and confirm field devices are in RUN mode).

9
Q

Network Security Monitoring Devices

A

Switches (SPAN/mirror ports or TAPs that feed the IDS) and firewalls (enforcement points between segments whose logs record cross-zone traffic).

10
Q

PLC Protection

A

Put the controller's key switch in "RUN" mode so program changes cannot be downloaded remotely (a change then requires physical access to move the switch). Check the hash of the project files for critical PLCs against a known-good baseline. Apply change management at the PLC level.
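The project-file hash check from this card, as an added worked example (not from the flashcards or any vendor tool). It assumes the PLC project files live in a directory tree and are compared by SHA-256 against a JSON baseline written at the last approved change; the file names and contents in the demo are constructed.

```python
"""Baseline-and-verify check for PLC project files (added example, not from the page).

Assumptions (not from the page): project files live in a directory tree and are
compared by SHA-256 against a JSON baseline produced at the last approved change.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, streamed so large project archives are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX separators) to its digest."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Classify differences into changed, added and removed files.

    'changed' is the one that matters most for a controller: a project file whose
    contents differ from the approved version means logic may have been modified
    outside change management."""
    changed = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"changed": changed, "added": added, "removed": removed}


def is_clean(result: dict) -> bool:
    """True when the current tree matches the approved baseline exactly."""
    return not (result["changed"] or result["added"] or result["removed"])


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


if __name__ == "__main__":
    # Constructed sample: a tiny project tree is baselined, then one file is altered.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "plc_projects"
        (root / "pump_station_1").mkdir(parents=True)
        (root / "pump_station_1" / "main.prj").write_bytes(b"approved ladder logic v1")
        (root / "pump_station_1" / "tags.csv").write_bytes(b"Tag,Type\nPump1_Run,BOOL\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Simulate an unapproved edit and verify the check catches it.
        (root / "pump_station_1" / "main.prj").write_bytes(b"modified ladder logic")
        result = compare_baseline(load_baseline(baseline_path), build_baseline(root))
        print(json.dumps(result, indent=2))
        print("CLEAN" if is_clean(result) else "ALERT: project files differ from approved baseline")
```

Store the baseline somewhere the engineering workstation cannot write to (otherwise an attacker who changes the logic can re-baseline it), and regenerate it only as the final step of an approved change.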

11
Q

Data Historian Protection

A

Monitor all data coming into the data historian and any data leaving it (exfiltration). Keep the historian in a separate AD/domain environment from the IT AD, with no trust relationships between them.

12
Q

Engineering Workstation Protection

A

Network monitoring, data exfiltration (USB and other removable media), and network-specific commands leaving the device (engineering protocol ports and remote-access ports).

13
Q

HMI Protection

A

Monitor network traffic from the HMI, changes to the HMI itself, application logs and alarm logs. Reach the HMI only through a jump box in the DMZ.
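The monitoring described in cards 8, 12 and 13 (segmentation, remote-access ports from the EW, traffic from the HMI, jump box in the DMZ) reduced to a zone-policy check over connection records, as an added example that is not part of the flashcards. Everything concrete in it is an assumption: the asset inventory (IP to Purdue zone), the allow-list of (source zone, destination zone, destination port), 502 as a stand-in controller protocol port, 1433 as a stand-in historian database port, and 22/3389/5900 as the remote-access ports (SSH, RDP, VNC). The sample flows are constructed.

```python
"""Purdue-zone traffic check over connection records (added example, not from the page).

Assumptions (not from the page): hosts are assigned to zones from the asset
inventory; the allow-list is a constructed site policy; 502 stands in for the
controller protocol port, 1433 for the historian database port, and 22/3389/5900
are the usual remote-access ports (SSH, RDP, VNC).
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed asset inventory: IP -> Purdue zone label.
INVENTORY: Dict[str, str] = {
    "10.3.5.10": "L3.5_DMZ_JUMPBOX",
    "10.3.0.20": "L3_HISTORIAN",
    "10.2.0.30": "L2_HMI",
    "10.2.0.40": "L2_EW",
    "10.1.0.50": "L1_PLC",
    "10.1.0.51": "L1_PLC",
    "10.4.0.60": "L4_ENTERPRISE",
}

REMOTE_ACCESS_PORTS: Set[int] = {22, 3389, 5900}

# Constructed allow-list: who may initiate to whom, and on which destination port.
# Anything not listed is a segmentation violation worth an alert.
ALLOWED: Set[Tuple[str, str, int]] = {
    ("L2_HMI", "L1_PLC", 502),                    # HMI polls controllers
    ("L2_EW", "L1_PLC", 502),                     # EW talks to controllers
    ("L2_HMI", "L3_HISTORIAN", 1433),             # HMI feeds the historian
    ("L3.5_DMZ_JUMPBOX", "L2_HMI", 3389),         # operators reach HMI via jump box only
    ("L3.5_DMZ_JUMPBOX", "L2_EW", 3389),          # engineers reach EW via jump box only
    ("L4_ENTERPRISE", "L3.5_DMZ_JUMPBOX", 3389),  # enterprise users stop at the DMZ
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(ip: str) -> str:
    """Unknown hosts are a finding on their own: they are not in the inventory."""
    return INVENTORY.get(ip, "UNKNOWN")


def check_flow(flow: Flow) -> List[str]:
    """Return the alert strings this single flow raises (empty list = allowed)."""
    alerts: List[str] = []
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)

    if src_zone == "UNKNOWN" or dst_zone == "UNKNOWN":
        alerts.append(f"uninventoried host in flow {flow.src}->{flow.dst}:{flow.dport}")

    # EW or HMI opening a remote-access session outbound: these assets are
    # reached via the jump box, they should not reach out themselves.
    if src_zone in ("L2_EW", "L2_HMI") and flow.dport in REMOTE_ACCESS_PORTS:
        alerts.append(f"{src_zone} {flow.src} initiated remote access to {flow.dst}:{flow.dport}")

    # Enterprise (L4/5) talking straight into the control levels skips the DMZ.
    # "L3_" deliberately excludes the "L3.5_" DMZ zone.
    if src_zone.startswith("L4") and dst_zone.startswith(("L1", "L2", "L3_")):
        alerts.append(f"enterprise host {flow.src} reached {dst_zone} {flow.dst} directly, bypassing DMZ")

    if (src_zone, dst_zone, flow.dport) not in ALLOWED:
        alerts.append(f"flow {src_zone}->{dst_zone}:{flow.dport} not in allow-list")
    return alerts


def check_flows(flows: List[Flow]) -> Dict[Flow, List[str]]:
    """Map each flow that raised at least one alert to its alerts."""
    findings: Dict[Flow, List[str]] = {}
    for flow in flows:
        alerts = check_flow(flow)
        if alerts:
            findings[flow] = alerts
    return findings


# Constructed sample connection log: two expected flows, three that should alert.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.2.0.30", "10.1.0.50", 502),     # HMI -> PLC, expected
    Flow("10.4.0.60", "10.3.5.10", 3389),    # enterprise -> jump box, expected
    Flow("10.2.0.40", "10.3.0.20", 3389),    # EW opens RDP to historian
    Flow("10.4.0.60", "10.1.0.51", 502),     # enterprise host hits a PLC directly
    Flow("192.168.1.9", "10.1.0.50", 502),   # host not in inventory talks to a PLC
]

if __name__ == "__main__":
    for flow, alerts in check_flows(SAMPLE_FLOWS).items():
        for alert in alerts:
            print(f"ALERT {flow.src}->{flow.dst}:{flow.dport}: {alert}")
```

In practice the flow records come from the firewall logs and the IDS fed by the switch mirror ports (card 9), and the inventory comes from the asset inventory card; the check is only as good as that inventory, which is why an uninventoried host is itself an alert rather than silently ignored.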

14
Q

IT Email System Protection

A

Sandboxing for URLs, attachments, etc. IT security staff who are aware of the ICS environment, with IT security sharing its detection data with ICS security.

15
Q

Asset Inventory

A