ISA 62443 IC34 2 Conceptual Design Practice Questions with Answers
Terms in this set (63)

A thorough risk assessment should deliver insights on system-wide, zone-specific, and conduit-specific levels and generate:
-Risk profile
-Highest severity consequences
-Threats / vulnerabilities leading to the highest risks
-Target Security Levels
-Recommendations

What is the output of a Risk Assessment called?
Cybersecurity Requirement Specification (CRS)

The CRS must include at least the following:
SUC description
Zone and conduit drawings
Zone and conduit characteristics
Operating environment assumptions
Threat environment
Organizational security policies
Tolerable risk
Regulatory requirements

What documents are required per zone/conduit?
•Name and/or unique identifier
•Accountable organization(s)
•Definition of logical boundary
•Definition of physical boundary, if applicable
•Safety designation
•List of all logical access points
•List of all physical access points
•List of data flows associated with each access point
•Connected zones or conduits
•List of assets and their classification, criticality and business value
•SL-T
•Applicable security requirements
•Applicable security policies
•Assumptions and external dependencies

How can the 5D's be applied to IACS's?
By developing a physical and cybersecurity protection strategy for each zone & conduit

What should physical and Cybersecurity protection strategy for each zone & conduit be based on?
-Risk assessment results
-Target Security Level
-Cybersecurity Requirements Specification

How many Security Levels (SLs) are defined in the ISA/IEC 62443 series?
5

What Security Level is defined as having no specific requirements or security protection necessary?
SL 0

What Security Level is defined as protection against casual or coincidental violation?
SL 1