Security Considerations for Integrating Operational Technology and Information Technology | CASP+ Exam Prep

Improving Security Position in Operational Technology and Information Technology Integration

Question

An organization is in the process of integrating its operational technology and information technology areas.

As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

  1. The ICS supplier has specified that any software installed will result in a lack of support.
  2. There is no documented trust boundary defined between the SCADA and corporate networks.
  3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.
  4. There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

Answers

Explanations


The given scenario highlights the need for an organization to integrate its operational technology (OT) and information technology (IT) areas, and the organization wants to see some cultural changes like more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

However, the following observations pose a challenge to the organization's security posture:

  1. The ICS supplier has specified that any software installed will result in a lack of support.
  2. There is no documented trust boundary defined between the SCADA and corporate networks.
  3. Operational technology staff have to manage the SCADA equipment via the engineering workstation.
  4. There is a lack of understanding of what is within the SCADA network.

Out of the given options, the capability that would BEST improve the security position of the organization is D. IDS, NAC, and log monitoring.

Explanation:

IDS (Intrusion Detection System) can monitor the network and detect any unauthorized access attempts, malicious activities, or potential security breaches. IDS can raise alerts or generate logs based on suspicious activities, allowing security personnel to investigate and respond quickly.

NAC (Network Access Control) can ensure that only authorized devices and users can access the network. It can verify the device's security posture before allowing access to the network and can also ensure that the device is compliant with the organization's security policies.

Log monitoring can help the organization detect any anomalies in the system logs, which could indicate a security breach or a misconfiguration. Log monitoring can also help in incident response by providing the necessary information for investigation and remediation.

Therefore, these capabilities together help the organization detect and prevent security breaches, enforce access control policies at the OT/IT boundary, and respond effectively to security incidents.
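To show what the log-monitoring capability looks like against the scenario's observations, here is an added example that is not part of the exam page. It assumes hypothetical addressing: the SCADA network is 10.50.0.0/16, the corporate network is 10.10.0.0/16, the engineering workstation at 10.10.5.20 is the only sanctioned management path, and a short asset inventory lists the known SCADA devices; the log lines are constructed.

```python
# Added example (not from the exam page): a minimal log-monitoring check for an
# OT/IT trust boundary. All addresses, the inventory and the log lines below are
# hypothetical, constructed values.
import ipaddress
from typing import Dict, List

SCADA_NET = ipaddress.ip_network("10.50.0.0/16")
CORP_NET = ipaddress.ip_network("10.10.0.0/16")
ENGINEERING_WORKSTATION = ipaddress.ip_address("10.10.5.20")
KNOWN_SCADA_ASSETS = {"10.50.1.10", "10.50.1.11", "10.50.2.5"}

# Constructed firewall/flow log lines: "<time> <src> -> <dst>:<port> <verdict>"
SAMPLE_LOG = """\
2024-01-01T08:00:01 10.10.5.20 -> 10.50.1.10:502 ALLOW
2024-01-01T08:00:02 10.10.7.44 -> 10.50.1.11:502 ALLOW
2024-01-01T08:00:03 10.50.2.5 -> 10.50.1.10:20000 ALLOW
2024-01-01T08:00:04 10.50.9.99 -> 10.50.1.10:502 ALLOW
2024-01-01T08:00:05 10.10.5.20 -> 10.10.3.3:443 ALLOW
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one constructed log line into its fields."""
    ts, src, _arrow, dst_port, verdict = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": ts, "src": src, "dst": dst, "port": port, "verdict": verdict}


def analyse(log_text: str) -> List[str]:
    """Return one finding per log line that violates the assumed boundary policy."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        # Observations 2 and 3: corporate -> SCADA traffic is expected only from
        # the engineering workstation; anything else crosses an undocumented boundary.
        if src in CORP_NET and dst in SCADA_NET and src != ENGINEERING_WORKSTATION:
            findings.append(f"{rec['ts']} boundary-violation {src} -> {dst}:{rec['port']}")
        # Observation 4: a SCADA-side talker that is missing from the asset inventory.
        if src in SCADA_NET and rec["src"] not in KNOWN_SCADA_ASSETS:
            findings.append(f"{rec['ts']} unknown-asset {src} -> {dst}:{rec['port']}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Running it flags the corporate host 10.10.7.44 reaching a SCADA device directly and the uninventoried 10.50.9.99 talking on the SCADA side; in practice the same checks would be fed by NAC and IDS output rather than a static file.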