Prev Next

Risk Taxonomy

Getting to know the Risk Taxonomy



Introducing the Risk Taxonomy

The Risk Taxonomy is a facility to define a comprehensive, stable and reusable set of risk categories that can be applied universally across the system. This includes definitions of Threats, Loss type, Contact Frequency, Loss Magnitude, Risks and more. It is based on the Open Group Standard for Risk Taxonomy (OR-T) and provides a toolbox and diagrams for defining the Taxonomy.

Where to find the Risk Taxonomy

Ribbon: Design > Diagram > New > Risk Taxonomy > Risk Taxonomy

Project Browser Caption Bar Menu: New Diagram | Risk Taxonomy | Risk Taxonomy

Project Browser Context Menu: Add Diagram... | Risk Taxonomy | Risk Taxonomy

Usage of the Risk Taxonomy

The Risk Taxonomy provides a common language and references for security and business analysts who need to understand and analyze risk in a formal way. It allows analysts to estimate the probable frequency and magnitude of future loss.

Options for the Risk Taxonomy

The Risk Taxonomy can be used at varying levels of formality depending on the initiatives, processes and requirements for risk assessment. The Relationship Matrix could also be used to record the relationship between the discrete values, Threat Capability and Resistance (Control) Strength to determine the derived Vulnerability. A Toolbox of elements and relationships is available for the Risk Taxonomy diagram allowing sophisticated models of risk to be created.

Learn more about the Risk Taxonomy

Risk Taxonomy