During a recent investigation, an auditor discovered that an engineer’s compromised workstation
was being used to connect to SCADA systems while the engineer was not logged in. The engineer
is responsible for administering the SCADA systems and cannot be blocked from connecting to
them. The SCADA systems cannot be modified without vendor approval which requires months of

testing.
Which of the following is MOST likely to protect the SCADA systems from misuse?

A.
Update anti-virus definitions on SCADA systems

B.
Audit accounts on the SCADA systems

C.
Install a firewall on the SCADA network

D.
Deploy NIPS at the edge of the SCADA network

Explanation: