QUESTIONS AND ANSWERS WITH COMPLETE
SOLUTIONS GRADED A++
How does IEC 62443 deal with security profiles?
Security profiles are used to establish specific 'targets' for systems and components to
reach based on requirements set out by the standards in the series: 1-5
There are no pre-defined ones, as it is up to the asset owner / organisation to create
their own profiles based on their need: contextualising the requirements
The main items the profiles define are the security features and participating parties,
following the reference architecture [e.g. for electric energy OT]
Summarise how cybersecurity profiles are made and their usage [BY, FOR, HOW]
ISA/IEC TR/TS 62443-1-5 has a scheme for drafting security profiles for the series
Cybersecurity profiles made based on this scheme are published as part of the 62443-5
series.
Usage:
- BY: interested parties
- FOR: making a defined set of requirements to be used with the series
- HOW: either generic 62443 terminology, or industry-sector-specific
What is the relation between the 62443 standards and the security profiles?
The 62443 standards are used by security profiles [to define]
I.e. profiles refer to the standards documents
Applicable standards which can be referenced:
- 2-1
- 2-4
- 3-3
- 4-1
- 4-2
Included requirements are highlighted, and justification is necessary for those excluded
Explain how 62443 standards and security profiles differ [x5 v. X6 points]
62443 Standards:
- specify:
- the security requirements
- terminologies
- roles
- concepts
- address multiple domains