IEC 62443 – Risk EXAM ACTAUL QUESTIONS AND
ANSWERS WITH COMPLETE SOLUTIONS VERIFIED
LATEST UPDATE
Assess Phase - High Level Risk Assessment (-3-2)
- Allocation if IACS assets to zones and conduits
(-3-2)
- Detailed Risk Assessment (-3-2)
Develop & Implement Phase - Cybersecurity Requirements Specification (-3-
2)
- Design and engineering of countermeasures (-
3-3)
- Design and development of other means of
risk reduction
- Installation, commissioning and validation of
countermeasures
Maintain Phase - Cybersecurity Maintenance Monitoring and
management of change (-2-1)
, - Cyber incident response and recovery (-2-1)
Security lifecycle Assess
Develop and
implement
Maintain
Criticality Assessment / Business Impact Assessment - Assessment of criticality of
assets (input for risk assessment)
- Measure of the negative impact should
information be unavailable, unreliable or
compromised
- Communicated to employees and contractors
- Methodology for identifying worse case
scenarios
Process Hazard Analysis (PHA) A method of conducting a comprehensive
examination process to identify
potential cyber hazards and assess associated
risks. Used to priorities hazards, determine risk
levels and recommend control measures to
manage and mitigate those risks effectively
High-Level Risk Assessment A broad overview of potential risks without
delving into specific details or existing
ANSWERS WITH COMPLETE SOLUTIONS VERIFIED
LATEST UPDATE
Assess Phase - High Level Risk Assessment (-3-2)
- Allocation if IACS assets to zones and conduits
(-3-2)
- Detailed Risk Assessment (-3-2)
Develop & Implement Phase - Cybersecurity Requirements Specification (-3-
2)
- Design and engineering of countermeasures (-
3-3)
- Design and development of other means of
risk reduction
- Installation, commissioning and validation of
countermeasures
Maintain Phase - Cybersecurity Maintenance Monitoring and
management of change (-2-1)
, - Cyber incident response and recovery (-2-1)
Security lifecycle Assess
Develop and
implement
Maintain
Criticality Assessment / Business Impact Assessment - Assessment of criticality of
assets (input for risk assessment)
- Measure of the negative impact should
information be unavailable, unreliable or
compromised
- Communicated to employees and contractors
- Methodology for identifying worse case
scenarios
Process Hazard Analysis (PHA) A method of conducting a comprehensive
examination process to identify
potential cyber hazards and assess associated
risks. Used to priorities hazards, determine risk
levels and recommend control measures to
manage and mitigate those risks effectively
High-Level Risk Assessment A broad overview of potential risks without
delving into specific details or existing
