03.19.2013Enterprise Tech

VERIS Framework Enables the Sharing of Security Incident Data Across the Globe

In order for Verizon to analyze and assess millions of data breach records each year to produce its Data Breach Investigations Report (DBIR), the RISK team needed a way to capture data breach information in a consistent way.

In response to this need, Verizon developed the VERIS framework in 2010. Today, VERIS enables all data from DBIR contributors to be aggregated and analyzed in the same format. The framework uses a common language and a structured, repeatable process, both of which allow organizations to objectively classify security incidents.

“The common language is critical, as there is currently no universal language that describes security incidents or an accepted industry standard for the development of risk metrics,” said Wade Baker, managing principal, RISK (Research Intelligence Solutions Knowledge) Team, Verizon.

In order to keep it with this important piece of the puzzle, Verizon recently released a full version of the schema; one that had been tested and refined by input received from the VERIS community.

According to Wade Baker, managing principal of the RISK team, the enhanced framework means “stability”. And, it will help organizations trying to implement VERIS into their processes and applications.

“We released an initial version of VERIS nearly three years ago, but it has continued to be modified and refined since then,” Wade added. “This was a natural and necessary process as VERIS went from a set of data points used only by Verizon for a specific purpose (to produce the DBIR) to a decently-documented and structured schema that has proven itself suitable to the end for which it was created – sharing incident data.”

For more information about VERIS, visit www.veriscommunity.net. The schema itself can be obtained from GitHub (there is a main schema file (verisc.json) and one that includes the many enumerations specified within VERIS (verisc-enum.json).