Use this blueprint to design an IT risk taxonomy suitable for your organization.
- Leverage Info-Tech’s Build an IT Risk Taxonomy Guideline and identify level one IT risk types.
- Test level one IT risk types by mapping to your enterprise's ERM level one risk types.
- Break down level one risk types into subcategories.
- Work backward to test and align risk events and controls to the lowest-level risk category.
- Enhance your risk registry by adding the risk types and risk appetite statements to your registry or risk management software tool.