Enterprise Cyber SecuriTy Reference Architecture (ECSTRA) is a nice tree/taxonomy and a checklist if you like a checklist while trying to figure out what not to miss. Its not exaustive, but covers most topics, such as preventive measures, security services catalogue etc.
http://artconfusion.com/TECRA/
Also see this article its maker: https://www.linkedin.com/pulse/what-does-ciso-your-board-you-need-know-breadth-cyber-boris-taratine/