Identification should include the concept that
- security awareness related to social engineering threats is a critical part of ICS incident prevention
- preventions and protections against cyberattack change as the targets, vulnerabilities, and threats change
- each vulnerability will have its own unique set of preventions and protections, which should include, but not be limited to
  - network protection as the initial line of defense (e.g., authentication, virus protection software, anti-spyware, anti-adware, firewalls, intrusion prevention)
  - keeping operating systems and applications current as critical to reducing vulnerabilities, and identification of the system maintenance measures that assist in system protection (e.g., system updates and audits)
  - secure coding practices in database access and application programming as critical to preventing injection vulnerabilities, in which an application sends untrusted data to an interpreter as part of a command or query
  - user training to make users aware of potential threats resulting from their actions.
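To make the injection item concrete, the following added example (not part of the original competency text) contrasts a query built by string concatenation with one that uses parameter binding, against a small constructed in-memory SQLite table standing in for a historian or HMI back end. The table, tag names and values are assumptions made up for the illustration; the point is that parameterized queries keep untrusted data out of the interpreter's code path, and an allowlist on the input adds a second, independent layer.

```python
import re
import sqlite3

# Constructed sample data: a tiny tag/value table such as a process historian
# front end might expose to an operator query form (assumption, not real data).
SAMPLE_ROWS = [
    ("PUMP1_FLOW", 12.5),
    ("TANK2_LEVEL", 71.0),
    ("VALVE3_POS", 0.0),
]

# Tag names in this made-up plant follow a simple NAME_NUMBER_FIELD pattern.
TAG_PATTERN = re.compile(r"^[A-Z0-9_]{1,32}$")


def make_db():
    """Create an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE readings (tag TEXT NOT NULL, value REAL NOT NULL)")
    conn.executemany("INSERT INTO readings VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, tag):
    """Insecure: untrusted input is spliced into the SQL text, so the database
    engine treats whatever the caller typed as part of the command."""
    sql = "SELECT tag, value FROM readings WHERE tag = '" + tag + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, tag):
    """Secure: the value is passed as a bound parameter. The SQL text is fixed,
    and the driver hands the data to the engine separately, so it can never be
    interpreted as SQL regardless of what characters it contains."""
    return conn.execute(
        "SELECT tag, value FROM readings WHERE tag = ?", (tag,)
    ).fetchall()


def is_valid_tag(tag):
    """Defense in depth: reject input that does not look like a tag name at all,
    before it reaches any interpreter. This complements, not replaces, binding."""
    return bool(TAG_PATTERN.match(tag))


def lookup_validated(conn, tag):
    """Combine the allowlist check with the parameterized query."""
    if not is_valid_tag(tag):
        raise ValueError("rejected tag name: %r" % tag)
    return lookup_safe(conn, tag)


if __name__ == "__main__":
    db = make_db()
    print("benign lookup (safe):", lookup_safe(db, "PUMP1_FLOW"))
    # A malformed value that a form might receive; the two lookups diverge here.
    odd_input = "' OR '1'='1"
    print("malformed input, concatenated SQL returns %d rows"
          % len(lookup_vulnerable(db, odd_input)))
    print("malformed input, parameterized SQL returns %d rows"
          % len(lookup_safe(db, odd_input)))
    print("allowlist accepts it?", is_valid_tag(odd_input))
```

Running the block shows the concatenated version returning every row for the malformed input while the parameterized version returns none, and the allowlist rejecting the input outright. In a real application the same rule applies to any interpreter the program talks to (shell commands, LDAP, OS paths, Modbus or OPC UA gateways that accept textual addresses), not only SQL.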
Process/Skill Questions:
- Why might a company restrict user access to the network resources necessary for their business functions?
- What are examples of practices and controls regarding the protection of networks and information?
- What is social engineering, and how can it be used to compromise otherwise secure systems?
- What are examples of threat sources?
- What are the categories of potential vulnerabilities and predisposing conditions commonly found within ICS environments?