First, I apologize for the long absence of any further posts in this series. I am sure everybody thought I had decided not to continue. Not the case. With the presentation at Secure360, a bathroom remodel and life in general getting in the way, I didn't take the time to keep on top of this series.
Anyway, let's dive back in. All the posts in this series can be found on this page if you want a refresher or are just now jumping on the band wagon.
In the last post I said we were going to talk a little more about assets, but we are not. We are going to start in on the taxonomy and pick up those words about assets a little later. First, what in the world is a taxonomy? I asked myself this question late last year.
...In addition, the word is also used as a count noun: a taxonomy, or taxonomic scheme, is a particular classification ("the taxonomy of ..."), arranged in a hierarchical structure. Typically this is organised by subtype-supertype relationships, also called parent-child relationships...
At the top of a taxonomy is the item being represented. I guess that means we should define exactly what we are building this taxonomy for. One would think I'd have gotten to this a bit earlier. Apparently not Okay. Here we go. Let's define RISK.
From the introduction:
Risk - The probable frequency and probable magnitude of future loss
If risk is defined as above, then the very top of our taxonomy looks like this:
Starting with the next post, we will begin to build out the rest of the taxonomy. However, we are going to start from the bottom.
As always, I am interested in what you have say. Please leave comments or email me if you like. My email address is on the about page.