ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 59

After receiving an approved patch from the IACS vendor, what is BEST practice for the asset owner to follow?

Answer options

• A. If a low priority, there is no need to apply the patch.
• B. If a medium priority, schedule the installation within three months after receipt.
• C. If a high priority, apply the patch at the first unscheduled outage.
• D. If no problems are experienced with the current IACS, it is not necessary to apply the patch.

Correct answer: B

Explanation

The correct answer is B because it emphasizes a proactive approach to patch management by scheduling installation in a timely manner for medium priority patches. Options A and D suggest ignoring patches based on priority or current performance, which can lead to vulnerabilities. Option C is not ideal as it delays applying critical patches until an outage occurs, potentially leaving the system exposed.