[Infowarrior] - Verizon Incident Metrics Framework Released

Richard Forno rforno at infowarrior.org
Mon Mar 1 13:20:49 UTC 2010 

(c/o J)

http://securityblog.verizonbusiness.com/2010/02/19/veris-framework-2/

Verizon Incident Metrics Framework Released
Wade Baker
February 19th, 2010

Many of you who reading our blog regularly are familiar with our .Data
Breach Investigations Report..  We hope that you.ve found past reports
informative, useful, and above all, actionable.

The production of the DBIR has been driven by our desire to help solve
what we see as two of the most significant problems facing our industry:

    1. Uncertainty due to the lack of data
    2. Equivocality due to the lack of a common framework

Basically, we believe that until we can all be on the same page  
regarding
what terms mean and why those terms are useful, we.re going to have a
problem creating meaning from any data we *do* get.

One of the reasons we feel that the DBIR was so successful is because we
are able to translate the incident narrative (the attacker did this,  
then
that, then the other thing) into a data set.  To accomplish this
translation task, we used a framework, a sort of taxonomy of incident
elements we thought that, when gathered consistently, would help people
better interpret data and manage risk.

Today we.re making a version of that framework, the Verizon Incident
Sharing Framework (VerIS), available for you to use.

In the document that  you can download here, you.ll find the first  
release
of the VerIS framework.  You can also find a shorter executive summary
here.  Our goal for our customers, friends, and anyone responsible for
incident response, is to be able to create data sets that can be used  
and
compared because of their commonality.  Together, we can work to  
eliminate
both equivocality and uncertainty, and help defend the organizations we
serve.

We hope that you.ll use and even take an active interest in the VerIS
Framework.  To that extent, we.ve set up an online forum for questions  
and
answers, and have put in place an advisory board of independent security
experts to work with the community for the better growth and evolution  
of
the framework as it.s used outside of Verizon.

We truly believe that together, we can begin to make a real difference,
and it is our hope that this .common language. will be the first step
towards creating an era of shared knowledge and collaboration for our
industry.
_______________________________________________

More information about the Infowarrior mailing list