Cyber-attacks have greatly increased over the years, and the attackers have progressively improved in devising attacks towards specific targets. To aid in identifying and defending against cyber-attacks we propose a cyber attack taxonomy called AVOIDIT (Attack Vector, Operational Impact, Defense, Information Impact, and Target). We use five major classifiers to characterize the nature of an attack: classification by attack vector, classification by operational impact, classification by defense, classification by informational impact, and classification by attack target. Classification by defense is oriented towards providing information to the network administrator regarding attack mitigation or remediation strategies. Contrary to the existing taxonomies, AVOIDIT efficiently classifies blended attacks. We further propose an efficient cause, action, defense, analysis, and target (CADAT) process used to facilitate attack classification. AVOIDIT and CADAT are used by an issue resolution system (IRS) to educate the defender on possible cyber-attacks and the development of potential security policies. We validate the proposed AVOIDIT taxonomy using cyber-attacks scenarios and highlight future work intended to simulate AVOIDIT's use within the IRS.