12.8k views
4 votes
A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO).

Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?

A. Conducting tabletop exercises to evaluate system risk
B. Contracting a third-party auditor after the project is finished
C. Performing pre- and post-implementation penetration tests
D. Running frequent vulnerability scans during the project

by User Delehef (8.4k points)

1 Answer

6 votes

Final answer:

The best strategy to track the reduction of an ICS's attack surface and validate the security engineer's plan to the CISO is through performing pre- and post-implementation penetration tests, as they offer concrete, comparative insight into security improvements.

Step-by-step explanation:

The question is about a manufacturing company's security engineer proposing techniques to reduce the attack surface of an Industrial Control System (ICS). The goal is to find the best strategy to track the reductions and show the Chief Information Security Officer (CISO) that the engineer's plan is successful during each phase.

To accurately track and demonstrate the effectiveness of security enhancements to the CISO, performing pre- and post-implementation penetration tests would be the most comprehensive approach. This technique allows for a clear before-and-after comparison, demonstrating how vulnerabilities have been closed and security controls strengthened. Tabletop exercises are valuable for assessing theoretical risks, but they do not provide tangible evidence of improvements. Contracting a third-party auditor post-project is useful for an unbiased evaluation, but it may not track progressive improvements over time. Regular vulnerability scans are also important, but penetration testing is a more effective means to uncover deeper security issues that scans may overlook.

by User Paul Cager (7.7k points)