Terminology and Regulations & Standards (ISA/IEC 62443-1-1) Flashcards

1
Q

ISA/IEC 62443 Series Groups

A
  • General
  • Policies & Procedures
  • System
  • Component
2
Q

Difference between Standards and Technical Reports

A

Standards are normative in nature; they have "shall" and "must" statements.

Technical reports are informative in nature. They are published to provide recommendations for implementing an approach.

3
Q

The meaning of

IED
DCS
MES
EMS
PLC
HMI

A

IED: Intelligent Electronic Device
DCS: Distributed Control System
MES: Manufacturing Execution System
EMS: Energy Management System
PLC: Programmable Logic Controller
HMI: Human-Machine Interface

4
Q

Acronyms

RTU
HVAC
SCADA
IACS
SIS
ICS

A

RTU: Remote Terminal Unit
HVAC: Heating, Ventilation, and Air Conditioning
SCADA: Supervisory Control and Data Acquisition
IACS: Industrial Automation and Control System(s)
SIS: Safety Instrumented System
ICS: Industrial Control System(s)

5
Q

Are standards mandatory or voluntary?

A

Regulations are mandatory; compliance and conformance with standards is voluntary. It's consensus driven.

There is no requirement on anyone to use them unless…
* If agreed to in a contract …
* Penalty, either civil or criminal, for not complying with them
* Due Diligence

6
Q

What kinds of content do standards have?

A
  • Normative: those parts that shall be complied with in order to demonstrate compliance with the standard.
  • Informative: parts that provide clarification or additional information
7
Q

What do frameworks provide?

A

They provide a common taxonomy and mechanism for organizations to:
* Describe current cybersecurity posture
* Describe target state for cybersecurity
* Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
* Assess progress toward the target state
* Communicate among internal and external stakeholders about cybersecurity risk

8
Q

Regulations

A

Specify legally enforceable requirements

9
Q

Standards

A

Voluntary codes for which there are no legal obligations to comply

10
Q

Normative

A

Elements that shall be complied with in order to demonstrate compliance with the standard

11
Q

Informative

A

Elements that provide clarification or additional information

12
Q

SDO

A

A Standard Development Organization such as ISA
