A thorough risk assessment should deliver insights on system-wide, zone-
specific, and conduit-specific levels and generate:
- Risk profile
- Highest severity consequences
- Threats / vulnerabilities leading to the highest risks
- Target Security Levels
- Recommendations
What is the output of a Risk Assessment called?
Cybersecurity Requirement Specification (CRS)
The CRS must include at least the following:
SUC description
Zone and conduit drawings
Zone and conduit characteristics
Operating environment assumptions
Threat environment
Organizational security policies
Tolerable risk
Regulatory requirements
What documents are required per zone/conduit?
• Name and/or unique identifier
• Accountable organization(s)
• Definition of logical boundary
• Definition of physical boundary, if applicable
• Safety designation
• List of all logical access points
• List of all physical access points
• List of data flows associated with each access point
• Connected zones or conduits
• List of assets and their classification, criticality and business value
• SL-T
• Applicable security requirements
• Applicable security policies
• Assumptions and external dependencies
How can the 5 D's be applied to IACSs?
By developing a physical and cybersecurity protection strategy for each zone & conduit
What should the physical and cybersecurity protection strategy for each zone &
conduit be based on?