M6 - Critical Infas

Why is asset criticality scoring important in ICS environments?

It drives prioritization of protections under constrained conditions

What is a a key limitation of vulnerability scans in ICS risk assessment?

They interrupt real-time operations

What is a benefit of cybersecurity HAZOP methodology?

Identifying deviations in ICS processes caused by cyber threats

What is the first step in an ICS-specific risk assessment?

System characterization

What role does risk classification play in ICS assessments?

It groups threats based on severity and probability

What distinguishes cybersecurity HAZOPs from traditional HAZOPs?

Application of process deviation analysis to cyber risk

Which of the following is a part of a risk mitigation strategy?

Isolating high-impact assets in secure zones

Why is system characterization critical before identifying threats?

It identifies asset function, location, and criticality

What does a cyber-physical threat model emphasize?

Physical outcomes of digital attacks

Why is traditional IT risk assessment insufficient in ICS environments?

It doesn’t aaccount for physical consequences or uptime constraints