ISA IC33 Flashcards

Question

Why conducting Cybersecurity Vulnerability Assessment

Answer 1

The CVA defines, identify, and classify the vulnerability in the Industrial Control System and it is network component,.

Answer 2

Cybersecurity Vulnerability Assessment

Answer 3

Evaluate the configuration, Implementation, Management, and Operation.

Answer 4

Identify security deficiencies

Answer 5

- High Level - GAP Assessment - least invasive - Passive Assessment - Active Assessment - Penetration Test - Most Invasive

Answer 6

- Cost of the Assessment - Benefit gained from the Assessment.

Answer 7

meant for reviewing the system and compare it to the industrial standards and regulations.

Answer 8

- Interviews with key personnel - Questionnaires - Walk though - Examine of Sample Configurations and Drawings.

Answer 9

- Reviewing configuration - Collecting logs, data, - Capture traffic from network - Analysis of actual traffic. - Reviewing ARP tables.

Answer 10

running tools which are more invasive to the system. tools such as Nessus, Advance IP scanner, NMAP, Shodan, and others.

Answer 11

is the most intrusive to the system. PEN TEST start with active scanners then it exploit known vulnerabilities in the system,. - The JOB of the PEN TEST is to Validate the effectiveness of the countermeasures.

Answer 12

VA only assess and collect data, identify weakness, and report. PEN test exploit Vuln and try to gain access using complex tools.

Answer 13

- Identify benchmark standards. - Gather information from system by performing interviews, site visit and documentation - Compare the Benchmark standard with the performance - compart 1 and 2. - Document and report the results.

Answer 14

- CSET tool - Custom Databases - Custom Spreadsheets

Answer 15

- Repeatable and Systematic approach to assess the network - Evaluate against the security standards and regulation. - Identify potential Vuln in the system - Provide and offer guidelines

Answer 16

- Its component focus and not system focus - it cannot provide detailed risk assessment to deigns. - it is not meant to substitute the in depth analysis. - it is not risk analysis tool for system. - date should be treated securely.

Answer 17

- NERC-CIP - NIST Special publications. - NIST SP800-82 - DoD Instruction 8500 - NIST Cyber Security Framework - CNNSI 1253 - FIPS 199 - CFATS RBPS - NRC-RG

Answer 18

- Form a Team - Add Assessment Information - - Select Mode and Standard - Determine Security Level - Build a Network Diagram - Answer Questions - Analyze the Results.

Answer 19

GAP Assessment

Answer 20

- Pre Assessment - Kick off meeting - Walk through - Passive Data collection - Network Scanning - Active - Vulnerability Scanning - Active - Analysis - Reporting

Answer 21

- scope of the project - Find assessment team -`Select standard - set time and logistics - Review Documents - PPE requirement

Answer 22

asking and collecting all documents required to help with assessment

Answer 23

- identify personnel - timelines - contract needs - pre assessment requirement

Answer 24

- Visual inspection of the system - Physical Security Review - Review design document against actual installation. - Observe Operating Environment - Interview operational Personnel.

Answer 25

- Windows System information - Log files - Firewall, switches, routers configuration. - Network packet capture

Answer 26

capture traffic in all ports or same VLAN of the switch

Answer 27

Remote Switch Port Analyzer - it is used with bigger network to allow for traffic to be sent. if a lot of messages running then some packets or frames will be lost.

Answer 28

- identify what devices talk to - identify protocols in the network - detect unexpected or unusual traffic. - recognize messages with clear text - troubleshooting

Answer 29

- Port Scanning - Vulnerability Scanning - Pentation Testing

Answer 30

always make sure you have the proper approval for it.

Answer 31

this behavior means the network is vulnerable.

Answer 32

is a computer program designed to assess computers, computer systems, and applications.

Answer 33

- Nessus - Open Vas - Nexpose - Quslysy

Answer 34

is the most invasive method to evaluate the network. it will exploits known vulnerabilities and unknown ones as well.

Answer 35

- Kali Linux - Metasploit - Canvas

Answer 36

Packet Capture

Answer 37

Port Mirroring

Answer 38

Sniffing the Ethernet

Answer 39

Network Vulnerability Scanning tool

Answer 40

Understanding risk is important to determine how to assess risk

Answer 41

- Identify critical assets. - Determine realistic Threat - Identify existing Vulnerabilities - Understand the consequences of compromise - asses the effectiveness of the current countermeasures.

Answer 42

- Evaluate existing countermeasures. - Recommend additional countermeasures. - Recommend changes to policies and procedures. - priortize recommendation - evaluate effectiveness and evaluate risk

Answer 43

- help to determine what needs to be addressed first - help with understanding the threats and vlunrabilities - provide information to reduce risk by introducing segmentation, hardening - help with proritize the resources and activities. - help to evaluate the countermeasure based on their cost/complexity.

Answer 44

cost vs the security level as per the organiziation.

Answer 45

IEC62443-2-1

Answer 46

IEC62443-3-2

Answer 47

- Identify system under consideration SuC section 4.1 - Conduct high-level risk assessment section 4.2. - partition the SuC into zones and conduits 4.3

Answer 48

- high-level diagrams - inventory list review

Answer 49

- updated high level diagram and update inventory list.

Answer 50

it is meant to perform high level assessment for the SuC. the result include the worst case unmitigated risk that the SuC is brining to the organization.

Answer 51

- performing exersie to understand the worst case scenario in term of financial and HSE. - the scope should include the entire system under assessment. - the team with the knowledge should develop the worst case scenario. - any process hazard and process should be reviewed to identify potential consequences. - the results of the high level design should then be rated using the CONSEQUENCE SCALE..

Answer 52

High, Medium, and Low

Answer 53

- Business Continuity Plan - Information Security - Process Safety - Environment safety.

Answer 54

define zones and conduits. this can be done based on the highlevel risk assessment. zones should be based on same function. same level, same security requirment.

Answer 55

those are two different systems with different requirements. they should always be divided.

Answer 56

Safety instrument systems are different from basic control systems. those two should not be interfered and put in the same zone.

Answer 57

- usbs, maintenance machines, portable processing equipment's. .

Answer 58

should always be in one zone or more but not in the control system zones. this is because those devices are part of bigger network behind them.

Answer 59

connect in one zone which is different from the rest of the network.

Answer 60

- illustration of the different zones in the network - clearly shows how each zone is separated in the network - assets contained with those zones and conduits should be marked too.

Answer 61

- SuC description - operation environment assumption - threat landscape - mandatory security function. - tolerable risk - regulatory requirement .

Answer 62

- schedule a facilitator - someone can lead and have confidence in running cyber security assessment. - Team and establishing team - the team should include, the facilitator, control engineer, network engineers. process, process safety, SMEs. - prepare workshop material - this include network diagrams, previous assessment, data flow diagrams, inventory list, process flow,

Answer 63

as per the standard it is defined under section 5- the standard explain the input which is the requirement for each zone and conduit. the middle is the requirement and the output is the results. the list is 5.1 identify threat 5.2 identify vulnerabilities 5.3 determine consequences and impact. 5.4 determine likelihood. 5.5 calculate unmitigated cyber security risk 5.6 determine security level target. 5.7 consider exaiting countermeasures, 5.8 reevaluate likelihood and impact 5.9 calculate residual risk 5.10 all risk mitigated or below tolerable risk. 5.11 apply additional cybersecurity measure. 5.12 document results

Answer 64

here we should list all the threats that could effect the assets. we should include - threat description., - description of the threat skills. - description of possible threat vector. - identifying possible effected systems.

Answer 65

threat source could be - person or group. they normally created a software or hardware threat. it could also be environmental such as flood. the list should be comprehensive. and the threat should be classified and listed.

Answer 66

- unauthorized internal personnel - authorized internal personnel - unauthorized external personnel - hacker. - authorized 3rd party. - malware, equipment, equipment.

Answer 67

Is the means the threat source may utilize to compromise zone or conduit. this only describe what the attack is in general for documentation purposes. for example we talk about spoofing in general, tampering and what they mean in general.

Answer 68

Vulnerability is the weakness or the flow in a system design .

Answer 69

- policy and procedural - architecture and design - configuration and maintenance. - physical - software - communication and network

Answer 70

basically each threat and VULN found in section 5.1 and 5.2 should be evaluated to determine the consequences and impact. everything should be documented, for example when a person is injured then we need to know what is the conesquence who got effected and how much the fine.

Answer 71

create statement of the worst case consequence if threat would have happened. then assign impact rating as per consequence. normally worst case scenario is when no countermeasure in place.

Answer 72

likelihood is based on section 5.2 which is evaluating the vulnerability. the likelihood is either defined using frequency or probability.

Answer 73

- target attractiveness - attack surface.

Answer 74

- capability of threat vector - known vulnrability - motive/intent of threat.

Answer 75

most of the time is qualitative ( no numbers) it uses low, medium, or high. another

Answer 76

we will always need the UTL - unmitigated threat Likelihood for each threat. this is important. the UTL means that likelihood of threat leading to final consequence.

Answer 77

this calculation is normally done using RISK MATRIX that establish the relationship between the likelihood and impact. By providing the likelihood and impact measures we can easily determine and calculate the unmitigated cybersecurity risk

Answer 78

this needs to be done for each zone and conduit. the SLT in general is related to the CRRF and it is the unmitigated risk/tolerable risk.

Answer 79

in this level we evaluate the level of existing countermeasure to reduce the likelihood or attack.

Answer 80

- it is the combination of mitigate likelihood and impact measure.

Answer 81

it should be less than the tolerable risk. the company can decided to either transfer it, accept it, or reduce it.

Answer 82

this step is used to take care of any residual risk that it exceeds the tolerable risk. you can use IEC62443-3-3 which have option to how risk is and countermeasure are treated.

Answer 83

- documenting the results and participants for the assessment. - date should be identified on when the assessment was conducted. -

Answer 84

- documents are meant to verify, audit, and prove the finding of the assessment. documents should be under control scheme, they also needs to tracked, verified, updated and amended as per the requirement.

Answer 85

- Gap assessment reports. - Vulnerability assessment reports. - Risk Assessment Reports. - Zone and Conduit diagrams. Cybersecurity Requirement Specifications CRS.

Answer 86

High level document with all the findings. THIS DOCUMENT INCLUDES THE SL-T

Answer 87

- Discovered cyber assets. - policy and procedure VULN - Arch and Design Vuln - physical VULN - Software VULN. - Communication and network vuln

Answer 88

it general it provide risk profile. risk profile include - document finding such as high risk threats, high risk vulnerability and detailed assessment worksheet.

Answer 89

one of the requirement is to divide the network into zones and conduits.

Answer 90

this document include general security requirement based upon company policy, standard and regulations. - NOTE- CRS INCLUDE DEFINATIONS OF ZONES AND CONDUITS, ACCESS CONTROL REQUIREMENT,

Answer 91

- system arch - definition of zone and conduits. - network segment requirement - access control requirement - physical requirement - detection requirement

ISA IC33 Flashcards

(116 cards)