ISA 62443 Cybersecurity Fundamentals Exam
IC32 | QUESTIONS AND ANSWERS
Q: What does ISA-62443-1-1 cover?
A: Basic concepts and models related to cybersecurity: the difference between IT and IACS, Defense-in-Depth, and security zones and conduits.

Q: What is the difference between IT and IACS?
A: IACS cybersecurity has to address issues of health, safety and environment (HSE).
IT priorities: Confidentiality, Integrity, Availability.
IACS priorities: Availability, Integrity, Confidentiality.
With IACS there are lives on the line; downtime/rebooting is not acceptable.

Q: COTS
A: Commercial off the shelf

Q: Defense in Depth
A: Layered security (order doesn't matter; this is an example):
Physical Security
Policies and Procedures
Zones & Conduits
Malware Prevention
Access Controls
Monitoring & Detection
Patching

Q: Risk equation
A: Risk = Threat x Vulnerability x Consequence

Q: 5 risk responses
A: 1. Design the risk out
2. Reduce the risk
3. Accept the risk
4. Transfer or share the risk
5. Redesign ineffective controls

Q: What requires continuous operation, may not tolerate rebooting and may require certification after any changes?
A: IACS

Q: What is Shodan?
A: Online service which has done a full port scan of the entire IPv4 Internet

Q: What is a regulation?
A: Mandatory rules to follow

Q: What is a standard?
A: Standards are voluntary codes for which there is no legal obligation to comply. Possibility of getting sued if negligent.

Q: Normative standard?
A: Normative elements are indicated by the use of the words "shall" or "must".

Q: Informative standard?
A: The informative elements provide clarification or additional information, like guidelines.

Q: What is ISA99?
A: Committee that makes standards across industries

Q: What are the 4 work product organization groups of the ISA 62443 standards?
A: 1. General
2. Policies & Procedures
3. System
4. Component

Q: Are TRs normative or informative?
A: Informative
ISA-62443-1-1 Concepts and Models