A government organization operates and maintains several ICS environments.
The categorization of one of the ICS environments led to a moderate baseline.
The organization has complied a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The organization has already categorized one of their ICS environments and complied with a set of security controls based on the categorization. However, since this is a unique environment, the organization needs to determine if there are any other security controls that should be considered to provide adequate security.
The correct next step would be to check for any relevant or required overlays. Overlays are additional sets of controls that are applied to an existing baseline to address specific security requirements. These overlays are usually created by regulatory bodies or industry-specific groups and are designed to supplement existing baselines to meet additional security requirements.
By checking for relevant or required overlays, the organization can identify any additional security controls that are specific to their ICS environment, and that are not included in the moderate baseline set of controls. This will help the organization ensure that they are adequately protecting their ICS environment from potential threats and risks.
Reviewing enhancements within the current control set, modifying to a high-baseline set of controls, and performing continuous monitoring are also important steps in maintaining the security of the ICS environment, but they are not the appropriate next step in this case.