Organizations that operate digital-based services rely heavily on Information Technology (IT). Nonetheless, this IT dependency inducts risks that could impact the achievement of organizations goals and even its own survival. One usual solution is to enforce an IT Risk Management (RM) approach to cope with IT-related risks. However, due to IT RM complexity and diversity, many organizations are not able to implement it successfully. Therefore, an IT RM ontology capturing the essential of IT RM concepts and its relations constitute a positive step towards the simplification and clarification of IT RM, which by its turn facilitates the IT RM enforcement. This paper designs an IT RM ontology, using DEMO, that is grounded in a SLR that follows the Kitchenham (2004) guidelines. The objective is to prescribe what key concepts, relationships and processes should be enforced to reduce the IT RM implementation effort when compared with an implementation from scratch.

--