Risk Taxonomy
Getting to know the Risk Taxonomy
Aspect | Description |
---|---|
Introducing the Risk Taxonomy | The Risk Taxonomy is a facility to define a comprehensive, stable and reusable set of risk categories that can be applied universally across the system. This includes definitions of Threats, Loss type, Contact Frequency, Loss Magnitude, Risks and more. It is based on the Open Group Standard for Risk Taxonomy (O-RT) and provides a toolbox and diagrams for defining the Taxonomy. |
Where to find the Risk Taxonomy | Ribbon: Design > Diagram > Insert > Risk Taxonomy > Risk Taxonomy; Project Browser Toolbar: New Diagram icon > Risk Taxonomy > Risk Taxonomy; Project Browser context menu \| Add Diagram... > Risk Taxonomy > Risk Taxonomy |
Usage of the Risk Taxonomy | The Risk Taxonomy provides a common language and references for security and business analysts who need to understand and analyze risk in a formal way. It allows analysts to estimate the probable frequency and magnitude of future loss. |
Options for the Risk Taxonomy | The Risk Taxonomy can be used at varying levels of formality depending on the initiatives, processes and requirements for risk assessment. The Relationship Matrix can also be used to record the relationship between the discrete values Threat Capability and Resistance (Control) Strength, in order to determine the derived Vulnerability. A Toolbox of elements and relationships is available for the Risk Taxonomy diagram, allowing sophisticated models of risk to be created. |