Taxonomies have been widely documented in the literature and a number of classical approaches exist. The main problem is that many of these approaches are very general and, for example, apply to all networks and computer systems. The intention of this paper is not to invent a new taxonomy architecture but to create a model which is adaptable to new types of networks and new attack vectors and which can then be applied and be of use in specific situations. When the “classical” taxonomies were developed systems such as cloud computing, 3G malware, VoIP and social engineering vulnerabilities were unheard of. This paper therefore proposes a model which can be readily adapted to be of value in attack classification and vulnerability detection for specific cases such as those illustrated above. Thus the model can be adapted to new types of networks, devices and systems as they evolve as well as being able to incorporate new attack categories and techniques and adapt to new types of protection mechanisms.