Exam CISSP topic 1 question 317 discussion

Talking about systems that could affect human life. Needs resiliency.

Correct Answer is indeed C. Doing the risk assessment you will find that we need resiliency.

Sooo many people jumping to D when C is all encompassing. Did everyone skip domain 1 or something? EVERYTHING always starts with risk

Risk assessment will find as a risk the resiliency aspect

Answer C) Risk assessment of the system A risk assessment will include all of the other answers. Wrong Answers: A. Detection of sophisticated attackers B. Topology of the network used for the system D. Resiliency of the system

C. Risk assessment of the system Conducting a thorough risk assessment is a fundamental step in designing the security for any system, including CPS. Conducting a risk assessment covers all the other answer options which makes it the best answer.

C, C includes B. Risk management covers the resiliency design.

The answer is C: The first consideration when designing a cyber-physical system (CPS) security should be performing a risk assessment of the system, option C. Conducting a risk assessment provides the essential foundation to understand potential vulnerabilities, threats, and impacts to the CPS. This informs requirements and controls. While attacker detection, network topology, and resilience are important, they should stem from knowledge gained through the initial risk analysis. Without assessing risk first, the priorities and tradeoffs for subsequent activities like monitoring sophisticated attackers, designing secure network topology, and engineering resilient components cannot be contextualized properly. Therefore, a risk assessment provides the crucial first step that underpins effective cybersecurity design for CPS by identifying what needs protection and possible consequences.

Resiliency of the system (Option D): Resiliency is important, but it's often addressed after conducting a risk assessment. The risk assessment informs decisions about how to design the system to be resilient against specific threats.

C. Risk assessment of the system When designing a Cyber-Physical System (CPS) or any system, the first consideration for a security practitioner should be a risk assessment. By conducting a risk assessment, the practitioner can identify potential threats, vulnerabilities, and the potential impact of those threats. This assessment forms the foundation for all subsequent security decisions, including detection mechanisms, network topology considerations, and system resiliency measures. Understanding the risks allows for informed decisions about where to allocate resources and which security measures to prioritize.

A. The question is asking about a security professional's concerns during development of this system. Seems like " Detection of sophisticated attackers" is the only option that has to do directly with security. On this topic, I read books about how IoT devices are not secure at all, in fact when Dick Cheney had his pacemaker installed the wireless transmitter was removed so that he can't be injured by a hacker. Hackers have taken over baby monitors. Seems like with such a critical system that will control your life finding sophisticated attackers is the top priority.

Resiliency won't matter if you have done proper risk assessment.

CPS are often used in safety-critical applications where a failure could result in harm to people or damage to property. Therefore, ensuring the safety and reliability of these systems is of utmost importance.

I vote for C While resiliency is an important consideration, it is not the first consideration that a security practitioner should make when designing a CPS. Before considering resiliency, it is important to conduct a risk assessment of the system to identify potential security risks and vulnerabilities. This information can then be used to determine the appropriate security controls and countermeasures needed to protect the system, including measures to enhance its resiliency.

Answer is correct

I think this is B, you want to segment iot devices

Cyber-physical systems refer to devices that offer a computational means to control something in the physical world. Examples of cyber-physical systems are embedded systems, and network-enabled devices is that of the Internet of Things (IoT) And for examples it include prosthetics to provide human augmentation or assistance, collision avoidance in vehicles, air traffic control coordination, precision in robot surgery, remote operation in hazardous conditions, and energy conservation in vehicles, equipment, mobile devices, and buildings.