California State University Security Life Cycle Model Multiple Choice Questions

Question Description

Q1.

The Security Life Cycle Model is a process that helps in maintaining an acceptable level of security in industrial controls systems and networks. The model begins with deterrence and ends with correction. In your own words, describe this process while incorporating an example (e.g., of how to deter XX and how to prevent XX and so on through the cycle). Your reply should be a minimum of 1 paragraph. A paragraph is 3 sentences minimum and 5 sentences maximum. It is OK if you go beyond 1 paragraph.

Q2.

NIST 800-82 is a guide to Industrial Control Systems (ICS) Security, which SCADA falls under. Select one control, identify whether the control falls under Management, Operational or Technical Controls and explain what this control helps mitigate in a SCADA system? Provide an example of this control in a real world situation (for example you can refer to one of the case-studies and explain how XX control could have mitigated Y). Your reply should be a minimum of 1 paragraph. A paragraph is 3 sentences minimum and 5 sentences maximum. It is OK if you go beyond 1 paragraph.

N.B incase you would like to use case study as example let me know to provide you

Q3

1.Security events are those events generated by security and infrastructure products (e.g., firewalls and network routers).

True

2. A false negative is when a real threat fails to create an alert.

3. System logs are useful for:

4. The problem with Configuration Management within ICS is that a large portion of the critical configuration information is retained in embedded devices often running proprietary or closed operating systems using non-standard communication protocols.

5. Relevant security inforamtion comes from various places such as the network, assets and hosts which all provide for:

6. Common standards and regulations for ICS include:

7. Unlike other standards, Common Criteria and Federal Inforamtion Processing Standards aim to:

8. Security products are also subject to regulatory requirements.

9. Which NIST publication provides guidance on security controls for federal information systems?

10. Understanding how regulatory standards and regulations can impact the security of a network or system will help at all stages of industrial network security planning and implimentation.