The VERIS community website has been expanded to feature a VERIS Wiki, example incidents, white papers, user guides, and sample reports.
(WEB HOST INDUSTRY REVIEW) — Given the significant danger posed by gaps in security incidents data, Verizon Business (www.verizonbusiness.com) has launched the VERIS community website designed to collect and share security incident information reported voluntarily and anonymously by participating organizations worldwide.
The VERIS Project was introduced in March at the same time as Verizon Business’ public release of the research framework used for the company’s landmark “Data Breach Investigations Reports.” According to the company’s Thursday announcement, the VERIS website has been expanded to feature a VERIS Wiki, example incidents, white papers, user guides, and sample reports.
“With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload,” Verizon Business technology and innovation vice president Peter Tippett said in a statement.
The research framework introduced by Verizon earlier this year has since been publicly vetted by the security community, and was pivotal in introducing a common language and structured, repeatable process to allow organizations to objectively classify security incidents. Finding a common language is critical given that there is currently no universal language to describe security incidents or an accepted industry standard for the development of risk metrics.
Organizations and individuals can share data using a new online application for collecting, classifying, analyzing and comparing security incident information. Those who submit data will receive a customized mini “Data Breach Investigations Report” that analyzes the incidents and compares them with similar incidents that occurred with other participating organizations.
“We are sharing the aggregate data – and encouraging other companies to anonymously share their security-event data – to promote more dialogue and understanding of security incidents,” Tippett said. “The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk.”
The VERIS project is a joint effort of the Verizon RISK Team and ICSA Labs, an independent division of Verizon Business that performs third-party security testing and certification. For more than 20 years, ICSA Labs has facilitated data sharing and collaboration within the security industry. ICSA Labs’ facility and network will provide the backbone for the VERIS Project.
“The VERIS application is a smart way for Verizon Business to crowdsource breach data collection, and giving back to the data-starved security community makes it even more valuable,” said Wendy Nather, The 451 Group senior security analyst.
No related posts.
