Verizon Incident Sharing Framework

Earlier this month Verizon Business announced their Verizon Incident Sharing Framework (VerIS framework). This document is a means to describe digital security incidents, using four main groupings: 1. Demographics, 2. Incident Classification, 3. Discovery and Mitigation, and 4. Impact Classification.

The idea is to provide a framework that incident investigators can complete for every digital security incident. Using the output, security teams can better identify trends and make recommend improved security strategies and tactics. For example, Verizon builds their Data Breach Investigation Report using data from their incident responses as formatted using the VerIS framework.

Verizon asked me to participate on a "board" affiliated with this project, so you can expect to hear more from me. Verizon started a Zoho Forum to discuss the framework, but I think a Wiki would better facilitate collaboration and development of the document. At work we are working on our next generation incident management system, so I think the VerIS framework might help us identify information to collect on incidents.

Comments

Unknown said…
Great effort from Verizon.

Should date of incident be called date of discovery ?

I bet you are going to add full content to list of evidence sources :-)
WHBaker said…
Went with your suggestion and moved to a wiki: https://verisframework.wiki.zoho.com/

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics