In an initiative to make it easier for companies to analyze and exchange data
about security breaches and unite in the fight against cybercrime, Verizon
Business is publicly releasing the research framework
used for the company's landmark Data Breach Investigations Reports.
The Verizon Incident-Sharing (VerIS) framework, released March 1,
2010, addresses a critical industrywide issue: the lack of a common standard for
the collection of security-incident data and analysis. Businesses and government
agencies currently use a variety of different -- and often incompatible --
systems to collect this data, making it difficult to quickly identify major
trends in security breaches and to take collective action.
The incident-sharing framework will provide enterprises with a common structure
for describing and analyzing security incidents. As a result, businesses will be
able to compare and contrast their security data with Verizon's data breach
reports, as well as with data of other organizations that use the VerIS
framework, to gain a better understanding of how security breaches occur and
what can be done to better manage risk.
"Since we began issuing the Data Breach Investigations Report, our customers and
the security community at large have told us of their need for an open-source
security-incident sharing program that will provide a universal foundation for
data collection and analysis," said Peter Tippett, vice president of security
and enterprise innovation at Verizon Business. "With the public release of
VerIS, Verizon is answering this call by enabling organizations to work together
in the ongoing fight against cybercrime."
Securosis, a leading independent security research and advisory firm, is one
organization in favor of a standard platform for capturing security information.
According to Rich Mogull, CEO of Securosis and a VerIS advisory board member,
"It would be great if response teams started using a standard base of metrics.
That would really help us perform external analysis across a wider base of data
points."
The Verizon Incident-Sharing Framework Takes a Real-World Approach
The VerIS framework is designed to give organizations actionable security
intelligence that can help improve an organization's ability to make sound
security decisions. The framework uses first-hand information taken from an
organization's actual investigations to elicit insight into security attacks.
Specifically, the framework examines four intersecting factors -- threat, asset,
impact and control -- to collect information useful to risk management. VerIS
metrics are organized in four sections: demographics, incident description,
discovery, and mitigation and impact description. When viewed in the aggregate,
they give businesses a tangible idea of the cause and severity of an attack.
"For far too long, the information security industry has been chasing today's
headline threats with a limited ability to measure success," said Jeremiah
Grossman, CTO of WhiteHat Security and a VerIS advisory board member. "VerIS
provides a path to leave security mysticism behind us. The knowledge of who our
adversaries are, what they want, and how they are getting it is critical to
safeguarding our digital world."