Risk Taxonomy

Getting to know Risk Taxonomy

Introducing Risk Taxonomy

Risk Taxonomy is a facility for defining a comprehensive, stable and reusable set of risk categories that can be applied universally across the system. This includes definitions of Threats, Loss Type, Contact Frequency, Loss Magnitude, Risks and more. It is based on the Open Group Standard for Risk Taxonomy (O-RT) and provides Toolbox pages and diagrams for defining the Taxonomy.

Risk Taxonomy and Risk Analysis diagram in Sparx Systems Enterprise Architect

Where to find the Taxonomy

Ribbon: Design > Diagram > Add > Risk Taxonomy > Risk Taxonomy

Browser window Toolbar: New Diagram icon > Risk Taxonomy > Risk Taxonomy

Browser window context menu | Add Diagram... > Risk Taxonomy > Risk Taxonomy

Usage of Risk Taxonomy

Risk Taxonomy provides a common language and references for Security Analysts and Business Analysts who need to understand and analyze risk in a formal way. It allows Analysts to estimate the probable likelihood, frequency and magnitude of future loss.

Options for Risk Taxonomy

Risk Taxonomy can be used at varying levels of formality depending on the initiatives, processes and requirements for risk assessment. The Relationship Matrix can also be used to record the relationships between the discrete values of Threat Capability and Resistance (Control) Strength, from which the derived Vulnerability is determined. Toolbox pages of elements and relationships are available for the Risk Taxonomy diagram, allowing sophisticated models of risk to be created.

Risk taxonomy toolbox in Sparx Systems Enterprise Architect.

Learn more about Risk Taxonomy

Risk Taxonomy