ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 7

Which activity is part of establishing policy, organization, and awareness?

Answer options

• A. Communicate policies.
• B. Establish the risk tolerance.
• C. Identify detailed vulnerabilities.
• D. Implement countermeasures.

Correct answer: A

Explanation

The correct answer is A, as communicating policies is essential for ensuring that all stakeholders are aware of the guidelines and procedures in place. Options B, C, and D focus on risk management and technical measures rather than the foundational activity of promoting awareness through communication.