CISA Exam - Question 579


An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

Correct Answer: BD

The most significant concern for an industrial control system (ICS) using older unsupported technology is the greater risk of system exploitation. Unsupported systems do not receive updates or patches to address any newly discovered vulnerabilities, making them more susceptible to attacks. This can lead to unauthorized access, disruption of operations, and potential theft of sensitive information, thus posing a significant threat to the security and integrity of the ICS.

Discussion

9 comments
A_Salem Option: B
Oct 16, 2021

System exploitation is not the only risk; other risks can be system failure or misconfigurations. System exploitation can be compensated by isolating the system network or using IPS, but if the system fails or is misconfigured, it can't be restored without a DRP. B. Disaster recovery plans (DRPs) are not in place.

3008
Jun 5, 2023

Disaster recovery plans (DRPs) not in place is also a concern, but it is not the most significant concern in this scenario because it is possible to develop DRPs even if the technology is unsupported.

BlackGarlic Option: D
Mar 22, 2022

According to SANS Institute, consequences of modern ICS cyber-attacks on an even grander scale can include:
• Large power grid blackouts in large cities and entire regions
• Failure of critical manufacturing equipment
• Massive business financial losses
• Paralysis of smart city emergency infrastructure in large municipalities
• Injury of plant workers
• Serious environmental damage

So, option D is the correct answer.

3008 Option: D
May 27, 2023

When a system is no longer supported, it means that there are no more updates or patches available to address any security vulnerabilities that may be discovered. This leaves the system open to exploitation by attackers, who can take advantage of the system's weaknesses to gain unauthorized access, disrupt operations, or steal sensitive information.

Deeplaxmi Option: D
Sep 18, 2022

The possibility of increased system exploitation could mainly be the concern of the organisation; lack of a DRP is a concern for the auditor, which the auditor should report.

spar2kle Option: D
Sep 28, 2023

My answer is D - there is a greater risk of system exploitation. As technology becomes unsupported, it is more vulnerable to exploitation, since new vulnerabilities are not being addressed. This could lead to a system breach or other major issues.

Yejide03 Option: D
Feb 20, 2024

D. There is a greater risk of system exploitation.

a84n Option: C
Apr 29, 2024

Option C directly addresses the evolving nature of attack vectors for industrial control systems, which is crucial for understanding the specific security risks posed by outdated technology in the ICS environment.

RS66 Option: D
Jul 10, 2024

D. There is a greater risk of system exploitation.