{
  "query": "Different stakeholders interpret the term \"low risk\" differently. What issue does this illustrate?",
  "options": [
    {
      "text": "Misaligned risk appetite",
      "explanation": "Stakeholders have different thresholds for acceptable risk which affects prioritization and decisions.",
      "correct": false,
      "selected": false
    },
    {
      "text": "Understated inherent risk",
      "explanation": "The initial threat level is assessed as lower than it actually is which can lead to insufficient controls.",
      "correct": false,
      "selected": false
    },
    {
      "text": "Inconsistent taxonomy",
      "explanation": "Misaligned terminology across stakeholders causes communication breakdown about risk levels and responses.",
      "correct": true,
      "selected": false
    }
  ],
  "answer": "<p><b>Inconsistent taxonomy</b> is correct. This option matches the situation where different stakeholders assign different meanings to the same term because taxonomy refers to how terms are defined and classified across groups.</p><p>An inconsistent taxonomy creates ambiguity and miscommunication because teams do not share a common vocabulary. That leads to inconsistent assessments, reporting differences, and misaligned control decisions when one party labels something as \"low risk\" while another interprets the label differently.</p><p><i>Misaligned risk appetite</i> is incorrect because that term refers to differing willingness to accept risk across stakeholders rather than to differences in how a term is defined. Appetite is about tolerance and thresholds and not about inconsistent definitions.</p><p><i>Understated inherent risk</i> is incorrect because that phrase implies the true level of risk has been underestimated. The question is about differing meanings of a label and not about the magnitude of the inherent risk being reported.</p>",
  "batch_id": "653",
  "answerCode": "3",
  "type": "multiple-choice",
  "originalQuery": "If an IT manager and a business executive interpret the term “low risk” differently, what potential problem does this illustrate?",
  "originalOptions": "A. Overestimation of risk appetite<br/>B. Inconsistent taxonomy leading to miscommunication<br/>C. Excessive control strength<br/>D. Reduced inherent risk",
  "domain": "Security and Privacy Governance, Risk Management, and Compliance Program",
  "hasImage": false,
  "queryImage": "",
  "queryImages": [],
  "deprecatedReference": false,
  "deprecatedMatches": {},
  "qid": "535s",
  "tip": "<p><i>Definitions</i> and <i>terminology</i> clues usually point to taxonomy issues. If a question emphasizes *acceptance levels* or *tolerance* then consider risk appetite instead.</p>",
  "references": [
    "<a href=\"https://www.iso.org/iso-31000-risk-management.html\">https://www.iso.org/iso-31000-risk-management.html</a>",
    "<a href=\"https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final\">https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final</a>",
    "<a href=\"https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final\">https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final</a>"
  ],
  "video_url": "https://certificationation.com/videos/others/iscc/cgrc/iscc-executive-interpret-the-term-low-exam-535.html",
  "url": "https://certificationation.com/questions/others/iscc/cgrc/iscc-executive-interpret-the-term-low-exam-535.html"
}