試験ISA-IEC-62443 トピック1 問題23 スレッド

ISA ISA-IEC-62443のリアル試験問題集
問題 #: 23
トピック #: 1
Which of the following is an example of separation of duties as a part of system development and maintenance?
Available Choices (select all choices that are correct)

おすすめの解答:A 解答を投票する

Separation of duties is a security principle that aims to prevent fraud, errors, conflicts of interest, or misuse of resources by dividing critical tasks or functions among different people or teams. It is one of the foundational requirements (FRs) of the ISA/IEC 62443 standards for securing industrial automation and control systems (IACSs). According to the ISA/IEC 62443-2-1 standard, separation of duties includes the following system requirements (SRs):
* SR 2.1: Security management policy
* SR 2.2: Personnel security
* SR 2.3: System development and maintenance
* SR 2.4: Incident response and recovery
* SR 2.5: Compliance and review
Among these SRs, the one that is most related to the example of system development and maintenance is SR
2.3. SR 2.3 requires that the IACS shall provide the capability to ensure that the development and maintenance of the system and its components are performed in a secure manner. This means that the IACS should have a mechanism to control the access and authorization of developers, testers, integrators, and maintainers who work on the system and its components. It also means that the IACS should have a mechanism to verify and validate the quality and security of the system and its components before, during, and after the development and maintenance processes.
Therefore, an example of separation of duties as a part of system development and maintenance is that changes are approved by one party and implemented by another. This ensures that the changes are authorized, documented, and reviewed by someone who is not involved in the implementation. This reduces the risk of introducing errors, vulnerabilities, or malicious code into the system and its components.
References:
* ISA/IEC 62443-2-1:2010, Security for industrial automation and control systems - Part 2-1: Establishing an industrial automation and control systems security program1
* ISA/IEC 62443 Cybersecurity Fundamentals Specialist Certificate Program2
* ISA/IEC 62443 Cybersecurity Library3
* Using the ISA/IEC 62443 Standards to Secure Your Control Systems4

Mizuno 2026-06-01 08:45:37

コメント

正解:
?」こちらは投票コメントになっております。普通のコメントに切り替えます。
ニックネーム: 送信 キャンセル
投票コメントをあげるごとに、選択した解答の投票数を1つ増やすことができます。

他人の解答コメントを賛成するのも、その解答に一票を入れることになります。したがって、すでに同じ意見の投票コメントが存在する場合、新規コメントをする代わりに賛成することもできます。

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡