CISSP · Question #1044
Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?
The correct answer is D. Protect individual components from exploitation. This question tests understanding of which ICS security objective is most universally applicable to IoT environments given their shared architectural characteristics.
Question
Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?
Options
- APrevent unauthorized modification of data.
- BRestore the system after an incident.
- CDetect security events and incidents.
- DProtect individual components from exploitation
How the community answered
(29 responses)- A31% (9)
- B7% (2)
- C17% (5)
- D45% (13)
Why each option
This question tests understanding of which ICS security objective is most universally applicable to IoT environments given their shared architectural characteristics.
Preventing unauthorized data modification (integrity) is a critical ICS goal but is not uniquely adaptable to all IoT systems, as many IoT devices prioritize availability and confidentiality over data integrity depending on their function.
System restoration after an incident is an ICS-specific resilience objective tied to operational continuity of critical infrastructure, and while relevant, it is more of a recovery process than a broadly adaptable security design principle for general IoT systems.
Detecting security events and incidents requires monitoring infrastructure and analytical capabilities that many constrained IoT devices lack the processing power or connectivity to support, making this objective less universally adaptable across all IoT deployments.
Protecting individual components from exploitation is the most transferable ICS objective to IoT because both environments consist of numerous distributed, resource-constrained physical devices that may run outdated firmware, lack encryption, and have limited patching capabilities. In IoT systems, just as in ICS, the attack surface is largely defined by the vulnerability of individual endpoints (sensors, actuators, controllers), making component-level hardening the foundational security strategy. This principle applies regardless of the specific IoT domain, whether industrial, consumer, or medical.
Concept tested: ICS security objectives applicability to IoT systems
Source: https://www.nist.gov/system/files/documents/2021/10/05/final_nistir_8228.pdf
Topics
Community Discussion
No community discussion yet for this question.