Frameworks, guidance, and publications for practical security architecture

Risk Ontology

A structured way to define threats, vulnerabilities, controls, metrics, and their relationships in a business-led risk model.

What’s inside

  01. Primary source material, summaries, and references kept together
  02. Downloads and supporting artefacts surfaced close to the content
  03. Long-form guidance laid out for practical reading rather than promotion

Clarifying risk relationships

The Risk Ontology resource introduces a structured model for understanding and managing risk within an organisation. It links concepts like threats, vulnerabilities, controls, metrics, and dependencies so teams can reason more clearly about exposure and response.

What it helps with

  • defining risk terminology precisely
  • linking business objectives to risk analysis
  • building clearer KRIs, KCIs, and KPIs
  • understanding how amplifiers, inhibitors, and catalysts shape risk scenarios

Practical value

This is the kind of resource that helps architecture and governance teams avoid vague conversations about risk. It gives them a shared model they can reuse in operating model discussions, assurance work, and design activity.
