Identification should include
- identifying vulnerabilities and risks
- testing access points to the product
- using input/output validations
- applying the confidentiality, integrity, and availability (CIA) triad as appropriate (e.g., authentication/encryption)
- identifying methods of remediation.

Process/Skill Questions:
- How are the cybersecurity principles applicable to Industrial Control Systems (ICS) and IoT?
- What is the potential for product misuse?