ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 75

Which of the following is an activity that should trigger a review of the CSMS?

Answer options

• A. Budgeting
• B. New technical controls
• C. Organizational restructuring
• D. Security incident exposing previously unknown risk.

Correct answer: D

Explanation

The correct answer is D, as a security incident that exposes unknown risks indicates a significant gap in security that necessitates a review of the CSMS. Options A, B, and C, while important, do not inherently suggest a need for immediate review of security measures unless directly related to emerging risks.