What topics are included in the Design and Implement Phase?
Cybersecurity Requirements Specification
Design and Engineering of Cybersecurity Countermeasures
Design and Development of Other Means of Risk Reduction
Installation, Commissioning and Validation of Cybersecurity Countermeasures
What standard covers Cybersecurity Requirements Specification?
ISA 62443-3-2
What standard covers Design and Engineering of Cybersecurity
Countermeasures?
ISA 62443-3-3
What phase is covered in ISA 62443-2-1?
Maintain Phase
What topics are covered in ISA 62443-2-1?
Cybersecurity Maintenance, Monitoring and Management of Change
Cyber Incident Response and Recovery
Cybersecurity Management System: Policies, Procedures, Training and Awareness
(continuous processes)
Periodic Cybersecurity Audits
Risk Profile
A deliverable from a risk assessment
It shows the risk associated with each zone (unmitigated and mitigated). Similar to a
"heat map" showing the zones with the greatest risk
SL 0
No requirements or security protection necessary
SL 1
Protection against casual or coincidental violation
SL 2
Protection against intentional violation with low resources, generic skill, and low
motivation
SL 3
Protection against intentional violation with moderate resources, IACS specific skills,
and moderate motivation
SL 4
Protection against intentional violation with extended resources, IACS specific skills,
and high motivation
What standard defines the 3 security level types?
ISA 62443-3-3
What is the SL-T dependent upon?
The CRRF (Cyber Risk Reduction Factor)
CRRF
Unmitigated Risk / Tolerable Risk. Measure of the degree of risk reduction required to
achieve a tolerable risk
SL-T
Target Security Level
Must be provided for EACH zone or conduit
It is the DESIRED LEVEL of security for a particular IACS, zone or conduit
What standard(s) provides guidance on the programmatic aspects of the design
process?
ISA 62443-2-1
What standard(s) define system-level security requirements?
ISA 62443-3-3
What standard(s) define component-level technical security requirements?
ISA 62443-4-2
Name three characteristics of a Target Security Level (SL-T)?
SL-T is required for each security zone or conduit
SL-T is dependent upon Cyber Risk Reduction Factor (CRRF)
Relationship between CRRF and SL-T is based upon the organization's risk matrix and risk
tolerance
What are the four T's of Managing Risk?
Tolerate
Transfer
Terminate
Treat
What are the 5 D's of Treating Risk?
Deter
Detect
Delay
Deny
Defeat
What are the steps to developing a Security Strategy?
Identify zones
Review risk assessment results
Establish SL-T
Identify physical and cyber access points
Develop 5D physical & cyber security strategy for each access point
What are four components of Conceptual Cybersecurity Design specification?
Document new or upgraded security countermeasures to achieve SL-T
Scope of work
Conceptual system architecture
Budgetary and schedule estimates
Which Security Level (SL) type is the highest security level obtainable by the
zone, conduit or component?
SL-C: Capability security level