Verizon Business Launches Incident-Sharing VERIS Community Website

One of the most persistent and critical issues affecting the information security community is a lack of data about security incidents. To help advance understanding of information security risk industrywide, Verizon is launching the VERIS community website, which is designed to collect and share information about security incidents that are voluntarily and anonymously reported by participating organizations around the globe.

The site can be found at https://www2.icsalabs.com/veris/.

Organizations and individuals can now share their data by using a new online application for collecting, classifying, analyzing and comparing security incident information. Each person who submits data will receive a customized mini "Data Breach Investigations Report" that analyzes the incidents and compares them with similar incidents that occurred at other participating organizations.

The VERIS website will also feature easy access to other tools such as the VERIS Wiki, example incidents, white paper, user guide, sample report and a link to the "2010 Data Breach Investigations Report."

"With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload," said Peter Tippett, vice president of technology and innovation, Verizon Business. "We are sharing the aggregate data -- and encouraging other companies to anonymously share their security-event data -- to promote more dialogue and understanding of security incidents. The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk."

The VERIS Project was introduced in March when Verizon Business publicly released the research framework used for the company's landmark "Data Breach Investigations Reports." The framework, which has since been publically vetted by the security community, was pivotal in introducing a common language and structured, repeatable process to allow organizations to objectively classify security incidents. The common language is critical, as there is currently no universal language that describes security incidents or an accepted industry standard for the development of risk metrics.

Participating organizations can gain great benefit from the VERIS online application. Through VERIS, organizations can regularly generate incident reports that can be distributed and analyzed within their organization, while maintaining their privacy.

For example, participating enterprises will know whether their incident was a rare event or one commonly experienced by others, and such information can help enterprises decide what, if anything, should be done to prevent similar events in the future.

All participating organizations need to do is complete the online form, which consists of the following areas:

  • Demographics -- Submitters describe (but do not identify) the entity affected by the incident to enable comparative analytics.
  • Incident classification -- Describes the role of the threat agent, the agent's actions and their impact on the information assets.
  • Discovery and Mitigation -- Focuses on events immediately following the incident, as well as lessons learned from the response process.
  • Impact Classification -- The submitter provides a description and measures the consequences of the incident on the impacted organization.

This project is a joint effort of the Verizon RISK Team and ICSA Labs, an independent division of Verizon Business that performs third-party security testing and certification. For more than 20 years, ICSA Labs has facilitated data sharing and collaboration within the security industry. ICSA Labs' facility and network will provide the backbone for the VERIS Project.

"The VERIS application is a smart way for Verizon Business to crowd-source breach data collection, and giving back to the data-starved security community makes it even more valuable," said Wendy Nather, senior security analyst, The 451 Group.

Featured

  • Live From ISC West: Day 2 Recap

    If it’s even possible, Day 2 of ISC West in Las Vegas, Nevada, was even busier than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Venetian, because there’s more news coming out than anyone could be expected to keep track of. Our Live From sponsors—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—kept the momentum from Day 1 going with packed booths, happy hours, giveaways, product demonstrations, and more. Read Now

    • Industry Events
    • ISC West
  • Visiting Sin City

    I’m a recovering alcoholic, ten years sober this June. I almost wrote “recovered alcoholic,” because it’s a problem I’ve long since put to bed in every practical sense. But anyone who’s dealt with addiction knows that that part of your brain never goes away. You just learn to tell the difference between that insidious voice in your head and your actual internal monologue, and you get better at telling the other guy to shut up. Read Now

  • On My Way Out the Door

    To answer that one question I always get, at every booth visit, I have seen amazing product technology, solutions and above all else, the people that make it all work. Read Now

    • Industry Events
    • ISC West
  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3

  • Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft focuses on transforming traditional professional surveillance systems into cloud connected solutions via the Videoloft Cloud Adapter. 3

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3