The following Figure represents a cyber-attack in an industrial system. It is an example of which type of threat representation? Concealment of attack activities Sabotaging the system Runs an attack Got control by wrapping $7otbxdx.dil Input events shape Signification Definition Any step describing a Vulnerability vulnerability required in order to Attack realize the attack The attack process in order to exploit a system vulnerability Security basic Direct cause of a security breach resulting from exploiting a given vulnerability event Intermediate A security breach caused by the Top event occurrence of input events The main goal of an attack generated from one or several security breaches SBE-13 Anti-malware (N/A) vulnerability V-13 Records the process normal operation SBE-12 (N/A) Step 7 software vulnerability CAND V-12 Feeds the Records the recorded data to the WinCC A-13.1 (M) process normal operation A-13.2 (M) SBE-11 (N/A) a. STRIDE Ob. Attack Tree ○ c. DFD Od. Attack Graph wwwww. AND Modify the code on the PLC A-12 Command and Control servers No communication monitoring V-11 Send information to its creators A-11 (D) Infection of a control PLC AT-2 What is a Risk Assessment? a. Mechanisms are used to restrain, regulate, or reduce vulnerabilities. b. A flaw, loophole, oversight, or error that can be exploited to violate system security policy. ◇ c. Single Loss Expectancy - The expected monetary loss every time a risk occurs. (SLE=AV*EF) O d. The process of identifying and prioritizing risks to the organization.

The following Figure represents a cyber-attack in an industrial system. It is an example of which type of threat representation? Concealment of attack activities Sabotaging the system Runs an attack Got control by wrapping $7otbxdx.dil Input events shape Signification Definition Any step describing a Vulnerability vulnerability required in order to Attack realize the attack The attack process in order to exploit a system vulnerability Security basic Direct cause of a security breach resulting from exploiting a given vulnerability event Intermediate A security breach caused by the Top event occurrence of input events The main goal of an attack generated from one or several security breaches SBE-13 Anti-malware (N/A) vulnerability V-13 Records the process normal operation SBE-12 (N/A) Step 7 software vulnerability CAND V-12 Feeds the Records the recorded data to the WinCC A-13.1 (M) process normal operation A-13.2 (M) SBE-11 (N/A) a. STRIDE Ob. Attack Tree ○ c. DFD Od. Attack Graph wwwww. AND Modify the code on the PLC A-12 Command and Control servers No communication monitoring V-11 Send information to its creators A-11 (D) Infection of a control PLC AT-2 What is a Risk Assessment? a. Mechanisms are used to restrain, regulate, or reduce vulnerabilities. b. A flaw, loophole, oversight, or error that can be exploited to violate system security policy. ◇ c. Single Loss Expectancy - The expected monetary loss every time a risk occurs. (SLE=AV*EF) O d. The process of identifying and prioritizing risks to the organization.