Verizon Framework Looks To Standardize Security Incident Reporting

  • By Cindy Horbrook
  • Apr 05, 2010

Verizon Business is giving away information that officials believe will help the IT security industry address a critical issue -- the lack of a common standard for the collection of security-incident data and analysis -- with the hopes that it will help the industry fight cybercrime.

“It’s really quite exciting because I don’t know of any other organization that has given out something at this level of risk management information and framework to the community,” said Alex Hutton, research and intelligence principle for Verizon’s risk team.

The recently released Verizon Incident-Sharing (VerIS) framework provides a common structure for describing and analyzing security incidents. The framework examines four intersecting factors -- threat, asset, impact and control -- to collect information useful to risk management. VerIS metrics are organized in four sections: demographics, incident description, discovery and mitigation and impact description.

“A company can take the VerIS document and they can use it as a foundation for a metrics program for themselves,” Hutton said.

VerIS is the research framework used for Verizon’s Data Breach Investigations Reports that the company has been doing biannually for a number of years.

“Here are the incidents that we’ve seen. Here’s why they happen. Here’s some metrics that you should be aware of,” Hutton said, describing the reports. “The real benefit is it gives security managers an idea of how to allocate resources so that they are not making the same mistakes others have made. The industry really has not seen anything to the depth that these Data Breach Investigation Reports do. That’s one of the reasons why they’re so popular.”

The decision to release the VerIS framework came from Dr. Peter Tippett, vice president of security and enterprise innovation at Verizon Business Response. Tippett noticed a need for the security community to have an open-source sharing program to provide a universal foundation for data collection and analysis.

“Dr. Tippett has been in the industry for a very long time. He has an emotional investment in making sure that we make the problem of cybercrime better and we keep evolving the field,” Hutton said.

Hutton said the response to the VerIS framework release has been overwhelming.

“We’ve got a lot of people who are very interested in using the framework internally. I’ve been contacted by incident response team leads who are telling me ‘I’ve got at least 100, 150 of these narratives that we’d like to work with you on translating,’” Hutton said. “It’s been very exciting to watch people figure out we really do have risk management data and we really can make sense of it and use it to make better decisions.”

Companies can access Verizon’s framework and other information at http://securityblog.verizonbusiness.com/20101/02/19/veris-framework.

About the Author

Cindy Horbrook is content development editor for Security Products magazine.

Featured

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.