When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
When designing a Cyber-Physical System (CPS), a security practitioner's first consideration should be a risk assessment of the system. Conducting a risk assessment is critical because it identifies potential threats, vulnerabilities, and the impact of those threats. This foundational step is essential for making informed decisions regarding the implementation of security controls, including detection mechanisms, network topology, and system resiliency. Without a comprehensive risk assessment, it is impossible to determine the appropriate priorities and security measures effectively.
Talking about systems that could affect human life. Needs resiliency.
D is correct
Resiliency won't matter if you have done proper risk assessment.
..."haven't" done proper risk assessment.
Answer is correct
I vote for C. While resiliency is an important consideration, it is not the first consideration that a security practitioner should make when designing a CPS. Before considering resiliency, it is important to conduct a risk assessment of the system to identify potential security risks and vulnerabilities. This information can then be used to determine the appropriate security controls and countermeasures needed to protect the system, including measures to enhance its resiliency.
C. Risk assessment of the system. When designing a Cyber-Physical System (CPS) or any system, the first consideration for a security practitioner should be a risk assessment. By conducting a risk assessment, the practitioner can identify potential threats, vulnerabilities, and the potential impact of those threats. This assessment forms the foundation for all subsequent security decisions, including detection mechanisms, network topology considerations, and system resiliency measures. Understanding the risks allows for informed decisions about where to allocate resources and which security measures to prioritize.
Sooo many people jumping to D when C is all encompassing. Did everyone skip domain 1 or something? EVERYTHING always starts with risk
Cyber-physical systems refer to devices that offer a computational means to control something in the physical world. Examples of cyber-physical systems are embedded systems and network-enabled devices, such as those of the Internet of Things (IoT). Examples include prosthetics to provide human augmentation or assistance, collision avoidance in vehicles, air traffic control coordination, precision in robot surgery, remote operation in hazardous conditions, and energy conservation in vehicles, equipment, mobile devices, and buildings.
I think this is B; you want to segment IoT devices.
CPS are often used in safety-critical applications where a failure could result in harm to people or damage to property. Therefore, ensuring the safety and reliability of these systems is of utmost importance.
A. The question is asking about a security professional's concerns during development of this system. Seems like "Detection of sophisticated attackers" is the only option that has to do directly with security. On this topic, I read books about how IoT devices are not secure at all; in fact, when Dick Cheney had his pacemaker installed, the wireless transmitter was removed so that he couldn't be injured by a hacker. Hackers have taken over baby monitors. Seems like with such a critical system that will control your life, finding sophisticated attackers is the top priority.
I am changing my response to D: "We always need to begin with a risk assessment of a given environment or given device or a given application." https://cloudacademy.com/course/cissp-domain-3-security-architecture-engineering-module-6/assess-and-mitigate-vulnerabilities-embedded-devices-and-cyber-physical-systems/
Don't you mean C and not D in that case?
Resiliency of the system (Option D): Resiliency is important, but it's often addressed after conducting a risk assessment. The risk assessment informs decisions about how to design the system to be resilient against specific threats.
The answer is C: The first consideration when designing a cyber-physical system (CPS) security should be performing a risk assessment of the system, option C. Conducting a risk assessment provides the essential foundation to understand potential vulnerabilities, threats, and impacts to the CPS. This informs requirements and controls. While attacker detection, network topology, and resilience are important, they should stem from knowledge gained through the initial risk analysis. Without assessing risk first, the priorities and tradeoffs for subsequent activities like monitoring sophisticated attackers, designing secure network topology, and engineering resilient components cannot be contextualized properly. Therefore, a risk assessment provides the crucial first step that underpins effective cybersecurity design for CPS by identifying what needs protection and possible consequences.
C, C includes B. Risk management covers the resiliency design.
C. Risk assessment of the system. Conducting a thorough risk assessment is a fundamental step in designing the security for any system, including CPS. Conducting a risk assessment covers all the other answer options, which makes it the best answer.
Answer C) Risk assessment of the system. A risk assessment will include all of the other answers. Wrong answers: A. Detection of sophisticated attackers; B. Topology of the network used for the system; D. Resiliency of the system.
Risk assessment will find as a risk the resiliency aspect
Correct Answer is indeed C. Doing the risk assessment you will find that we need resiliency.