Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data Breach Investigation Report Framework Publicly Released

Verizon Business : 04 March, 2010  (Company News)
Verizon's Incident-Sharing Framework provides a common standard for the reporting of computer security incidents
In an initiative to make it easier for companies to analyze and exchange data about security breaches and unite in the fight against cybercrime, Verizon Business is publicly releasing the research framework used for the company's landmark Data Breach Investigations Reports. The Verizon Incident-Sharing (VerIS) framework, released today, addresses a critical industrywide issue: the lack of a common standard for the collection of security-incident data and analysis. Businesses and government agencies currently use a variety of different -- and often incompatible -- systems to collect this data, making it difficult to quickly identify major trends in security breaches and to take collective action.

The incident-sharing framework will provide enterprises with a common structure for describing and analyzing security incidents. As a result, businesses will be able to compare and contrast their security data with Verizon's data breach reports, as well as with data of other organizations that use the VerIS framework, to gain a better understanding of how security breaches occur and what can be done to better manage risk.

"Since we began issuing the Data Breach Investigations Report, our customers and the security community at large have told us of their need for an open-source security-incident sharing program that will provide a universal foundation for data collection and analysis," said Peter Tippett, vice president of security and enterprise innovation at Verizon Business. "With the public release of VerIS, Verizon is answering this call by enabling organizations to work together in the ongoing fight against cybercrime."

Securosis, a leading independent security research and advisory firm, is one organization in favor of a standard platform for capturing security information. According to Rich Mogull, CEO of Securosis and a VerIS advisory board member, "It would be great if response teams started using a standard base of metrics. That would really help us perform external analysis across a wider base of data points."

The VerIS framework is designed to give organizations actionable security intelligence that can help improve an organization's ability to make sound security decisions. The framework uses first-hand information taken from an organization's actual investigations to elicit insight into security attacks. Specifically, the framework examines four intersecting factors -- threat, asset, impact and control-- to collect information useful to risk management. VerIS metrics are organized in four sections: demographics, incident description, discovery, and mitigation and impact description. When viewed in the aggregate, they give businesses a tangible idea of cause and severity of attack.

"For far too long, the information security industry has been chasing today's headline threats with a limited ability to measure success," said Jeremiah Grossman, CTO of WhiteHat Security and a VerIS advisory board member. "VerIS provides a path to leave security mysticism behind us. The knowledge of who our adversaries are, what they want, and how they are getting it is critical to safeguarding our digital world."

Companies can access Verizon's framework at on the company's security blog, where other resources will also be available, including an online community forum for open discussion among VerIS users. Verizon also plans to name an advisory board to oversee the evolution of the VerIS framework to ensure it meets the needs of all organizations across all sectors.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo