Exam Cybersecurity Fundamentals Specialist topic 1 question 87 discussion

Answer is "B". Check page 157 - ISA62443-2-1: A common pitfall is to attempt to initiate a CSMS program without at least a high-level rationale that relates cyber security to the specific organization and its mission.

For CSMS common pitfall is lack of management support thus no resources allocated, answer is B. A = detailed risk assessment C = high-level risk assessment D = high-level risk assessment – Cybersecurity fatigue – Overwhelmed by number of issues – Avoid the “shiny object syndrome”

Correct answer is B. Answer D, "Immediate jump into detailed risk assessment" is a pitfall of "High-Level risk assessment"

We must select methodologies for identifying and prioritizing these risks and then execute those methodologies. We must identify them upfront and provide the structure for the rest of the risk assessment. We want to involve the stakeholders identified during the initiate step. The common pitfall here is to immediately jump into a detailed risk assessment. It's easy to do, especially with technical stakeholders. We have this shiny object syndrome that we tend to do, "Ooh, look at that. I'm going to go chase that for now. Ooh, look, I want to chase that for now." Avoid that shiny object syndrome, especially when you're doing the risk assessments. You get to see some cool things but you've got to stay focused and stay on track. IC32M page 190

Whats the correct answer? B or D?

See my previous answer.

62443-2-1_B.3 - "A common pitfall is to attempt to initiate a CSMS program without at least a high-level rationale that relates cyber security to the specific organization and its mission." D. is a Pitfall when performing assessments.

According to the ISA material, when initiating the CSMS program with initial/high level risk assessment the common pitfall is to immediately jump into detailed risk assessment