Verizon Framework Looks To Standardize Security Incident Reporting

Verizon Business is giving away information that officials believe will help the IT security industry address a critical issue -- the lack of a common standard for the collection of security-incident data and analysis -- with the hopes that it will help the industry fight cybercrime.

“It’s really quite exciting because I don’t know of any other organization that has given out something at this level of risk management information and framework to the community,” said Alex Hutton, research and intelligence principle for Verizon’s risk team.

The recently released Verizon Incident-Sharing (VerIS) framework provides a common structure for describing and analyzing security incidents. The framework examines four intersecting factors -- threat, asset, impact and control -- to collect information useful to risk management. VerIS metrics are organized in four sections: demographics, incident description, discovery and mitigation and impact description.

“A company can take the VerIS document and they can use it as a foundation for a metrics program for themselves,” Hutton said.

VerIS is the research framework used for Verizon’s Data Breach Investigations Reports that the company has been doing biannually for a number of years.

“Here are the incidents that we’ve seen. Here’s why they happen. Here’s some metrics that you should be aware of,” Hutton said, describing the reports. “The real benefit is it gives security managers an idea of how to allocate resources so that they are not making the same mistakes others have made. The industry really has not seen anything to the depth that these Data Breach Investigation Reports do. That’s one of the reasons why they’re so popular.”

The decision to release the VerIS framework came from Dr. Peter Tippett, vice president of security and enterprise innovation at Verizon Business Response. Tippett noticed a need for the security community to have an open-source sharing program to provide a universal foundation for data collection and analysis.

“Dr. Tippett has been in the industry for a very long time. He has an emotional investment in making sure that we make the problem of cybercrime better and we keep evolving the field,” Hutton said.

Hutton said the response to the VerIS framework release has been overwhelming.

“We’ve got a lot of people who are very interested in using the framework internally. I’ve been contacted by incident response team leads who are telling me ‘I’ve got at least 100, 150 of these narratives that we’d like to work with you on translating,’” Hutton said. “It’s been very exciting to watch people figure out we really do have risk management data and we really can make sense of it and use it to make better decisions.”

Companies can access Verizon’s framework and other information at http://securityblog.verizonbusiness.com/20101/02/19/veris-framework.

About the Author

Cindy Horbrook is content development editor for Security Products magazine.

Featured

  • AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

    The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now

  • Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

    Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now

  • Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities