Preparing for an Assessment Flashcards
Security Lifecycle
Assess Phase
- High-Level Cyber Risk Assessment
- Allocation of IACS Assets to Security Zones or Conduits
- Detailed Cyber Risk Assessment
ISA 62443-3-2
Cyber Incident Response & Recovery: which security lifecycle phase does it fall under?
Maintain Phase
Design and Engineering of Cybersecurity Countermeasures.
Which stage of the security lifecycle does this correspond to?
Develop & Implement Phase
Detailed Cyber Risk Assessment
Which phase of the security lifecycle does this correspond to?
Assess Phase
Scope Assessment Phase
Scope determines the parameters of what is included in the assessment and how it is performed.
- Identify Requirements
- Specify Devices
- Select Collection Method
- Document
Scope the System. Goals
Key Components of Scope
- System Architecture Diagrams
- Network Diagrams
- Asset Inventory
- Criticality Assessment
ISA 62443 Reference Model
Asset Inventory contents
Asset Inventory - Software Contents
Assessment Criticality?
Assessment of the criticality of an IACS asset is the measure of the negative impact should information be unavailable, unreliable, or compromised.
The AIC Method offers a way to ensure consequences are considered:
Consider Availability:
How severe is the consequence if this asset is unable to perform its intended function?
Consider Integrity:
How severe are the consequences if the information this asset processes or stores was compromised?
Consider Confidentiality:
How severe are the consequences if the information this asset processes or stores were to be breached?
Which document details how the network is physically and logically constructed?
Network Diagram
What is the criticality assessment of an IACS asset called?
Cyber Security Criticality Assessment
Which level in the ISA 62443 Reference Model includes Business Planning and Logistics?
Level 4