Exploring F.A.I.R. – Taxonomy – Definition of Risk

by kriggins on June 15, 2009

in fair, Risk Management

First, I apologize for the long absence of any further posts in this series. I am sure everybody thought I had decided not to continue. Not the case. With the presentation at Secure360, a bathroom remodel and life in general getting in the way, I didn't take the time to keep on top of this series.

Anyway, let's dive back in. All the posts in this series can be found on this page if you want a refresher or are just now jumping on the band wagon.

In the last post I said we were going to talk a little more about assets, but we are not. We are going to start in on the taxonomy and pick up those words about assets a little later. First, what in the world is a taxonomy? I asked myself this question late last year.

From wikipedia:

...In addition, the word is also used as a count noun: a taxonomy, or taxonomic scheme, is a particular classification ("the taxonomy of ..."), arranged in a hierarchical structure. Typically this is organised by subtype-supertype relationships, also called parent-child relationships...

At the top of a taxonomy is the item being represented. I guess that means we should define exactly what we are building this taxonomy for. One would think I'd have gotten to this a bit earlier. Apparently not :) Okay. Here we go. Let's define RISK.

Risk_definition

From the introduction:

Risk - The probable frequency and probable magnitude of future loss

If risk is defined as above, then the very top of our taxonomy looks like this:

taxonomy-head

Starting with the next post, we will begin to build out the rest of the taxonomy. However, we are going to start from the bottom.

As always, I am interested in what you have say. Please leave comments or email me if you like. My email address is on the about page.

-Kevin

Previous post:

Next post: