ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 72

Which statement is TRUE regarding application of patches in an IACS environment?

Answer options

• A. Patches should be applied as soon as they are available.
• B. Patches should be applied within one month of availability.
• C. Patches never should be applied in an IACS environment.
• D. Patches should be applied based on the organization’s risk assessment.

Correct answer: D

Explanation

The correct answer is D because the application of patches should be guided by a thorough risk assessment to ensure system stability and security. Options A and B are too rigid, as immediate application may not consider potential risks, while C is incorrect since patches can be critical for security and functionality in IACS environments.