Which of the following should the organization do NEXT to determine if other security controls should be considered?

A government organization operates and maintains several ICS environments. The categorization of one of the ICS environments led to a moderate baseline.
The organization has compiled a set of applicable security controls based on this categorization.
Given that this is a unique environment, which of the following should the organization do NEXT to determine if other security controls should be considered?
A. Check for any relevant or required overlays.
B. Review enhancements within the current control set.
C. Modify to a high-baseline set of controls.
D. Perform continuous monitoring.


9 thoughts on “Which of the following should the organization do NEXT to determine if other security controls should be considered?”

  1. Baselines represent the security controls necessary to address the impact on an organization should there be a loss of confidentiality, integrity, or availability, as reflected by the system’s security category. Overlays are intended to address additional factors (beyond impact) or diverge from the assumptions used to create the security control baselines. Together, the combination of baseline and applicable overlay(s) represents the initial security control set prior to system-specific tailoring.

    A. Check for any relevant or required overlays

  2. The assignment of controls is generally predicated upon the security control set assigned to the baseline. If you have a unique environment, then you can add additional overlays which have additional controls or increase your baseline. The question is based upon an environmental condition, so an overlay or possibly compensating controls would apply. Sorry to add to the confusion, but I believe the answer is A.

  3. “Before continuous monitoring can be successful, an organization must ensure that the operational baselines are captured.”

    This is from a CASP book. I think it's D too.

  4. I think D is correct.

    Per NIST 800-137…

    Continuous monitoring:
    Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

  5. I want to say D, Perform continuous monitoring, because then you can create a new baseline to compare, and that will allow you to view if other security controls can be considered.

  6. C makes sense because if you modify to a high baseline, then you will see what other controls are not met, and then you can implement them based on the results.

  7. How would modifying to a high baseline help us determine if other security controls should be considered?
