Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Verizon Unveils Crowd Sourced Data Breach Web Site

Community Information-Sharing Website to Advance Knowledge of Security Incidents via Anonymous Reporting

Verizon has launched a Web site designed to collect and share information about security incidents that can be voluntarily and anonymously reported by participating organizations around the globe.Data Breach Database

Community Information-Sharing Website to Advance Knowledge of Security Incidents via Anonymous Reporting

Verizon has launched a Web site designed to collect and share information about security incidents that can be voluntarily and anonymously reported by participating organizations around the globe.Data Breach Database

The site, “VERIS community Web site,” is essentially a crowd-sourced collection of data breach incidents. Using the site, organizations and individuals can share their data by using an online application for collecting, classifying, analyzing and comparing security incident information.

The site is built on the VERIS framework, the same platform introduced in March when Verizon Business publicly released the research framework used for the company’s landmark “Data Breach Investigations Reports.” The framework, which has since been publically vetted by the security community, was pivotal in introducing a common language and structured, repeatable process to allow organizations to objectively classify security incidents. The common language is critical, as there is currently no universal language that describes security incidents or an accepted industry standard for the development of risk metrics.

“With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload,” said Peter Tippett, vice president of technology and innovation, Verizon Business. “We are sharing the aggregate data — and encouraging other companies to anonymously share their security-event data — to promote more dialogue and understanding of security incidents. The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk.”

In order to report an incident, participating organizations complete a fairly simple set of online forms put together a wizard, consisting of the following areas: Demographics, Incident classification, Discovery and Mitigation and Impact Classification. Verizon says that after submitting data on an incident, users will receive a customized mini “Data Breach Investigations Report” that analyzes the incidents and compares them with similar incidents that occurred at other participating organizations.

Through VERIS, organizations can regularly generate incident reports that can be distributed and analyzed within their organization, while maintaining their privacy.

For example, participating enterprises will know whether their incident was a rare event or one commonly experienced by others, and such information can help enterprises decide what, if anything, should be done to prevent similar events in the future.

The project is a joint effort of the Verizon RISK Team and ICSA Labs, an independent division of Verizon Business that performs third-party security testing and certification.

You can visit the VARIS Community Site at: https://www2.icsalabs.com/veris/

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.