ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 6

Whose responsibility is it to determine the level of risk an organization is willing to tolerate?

Answer options

• A. Management
• B. Legal Department
• C. Operations Department
• D. Safety Department

Correct answer: A

Explanation

The responsibility to determine the risk tolerance of an organization lies with Management, as they are in charge of strategic decisions and overall governance. The Legal Department focuses on compliance and legal issues, the Operations Department handles day-to-day activities, and the Safety Department is concerned with workplace safety, not organizational risk assessment.