Security Basics mailing list archives

Threat Classification (IT centric)


From: offset <offset () ubersecurity org>
Date: Wed, 11 Apr 2007 09:30:06 -0500

Greetings,

I'm researching threat classifications as part of an overall risk management program and I need to classify threats as 
part of the foundation.

Does anyone know of an overall threat classification map?  Or a list of URLs/resources/papers that would discuss threat 
classification at a high level (i.e. high-level classification such as authentication).  I envision something that would 
encompass all layers of IT risk (i.e. items picked up via network scans, wireless, wardialing, host).

The challenge is to take inputs from all types of vulnerability reports, normalize into a type of threat 
classification, then apply rules (risk calculations) to roll up to an enterprise risk management program.

I understand for Web Applications there is the WASC (http://www.webappsec.org/projects/threat/), perhaps there are 
others for web applications?

Do any other threat classification maps exist other than for Web Applications?

Thanks in advance,
-- 
offset - ubersecurity org

