Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Fraud & Identity Theft

Verizon Unveils Crowd Sourced Data Breach Web Site

Community Information-Sharing Website to Advance Knowledge of Security Incidents via Anonymous Reporting

Verizon has launched a Web site designed to collect and share information about security incidents that can be voluntarily and anonymously reported by participating organizations around the globe.Data Breach Database

Community Information-Sharing Website to Advance Knowledge of Security Incidents via Anonymous Reporting

Verizon has launched a Web site designed to collect and share information about security incidents that can be voluntarily and anonymously reported by participating organizations around the globe.Data Breach Database

The site, “VERIS community Web site,” is essentially a crowd-sourced collection of data breach incidents. Using the site, organizations and individuals can share their data by using an online application for collecting, classifying, analyzing and comparing security incident information.

The site is built on the VERIS framework, the same platform introduced in March when Verizon Business publicly released the research framework used for the company’s landmark “Data Breach Investigations Reports.” The framework, which has since been publically vetted by the security community, was pivotal in introducing a common language and structured, repeatable process to allow organizations to objectively classify security incidents. The common language is critical, as there is currently no universal language that describes security incidents or an accepted industry standard for the development of risk metrics.

“With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload,” said Peter Tippett, vice president of technology and innovation, Verizon Business. “We are sharing the aggregate data — and encouraging other companies to anonymously share their security-event data — to promote more dialogue and understanding of security incidents. The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk.”

In order to report an incident, participating organizations complete a fairly simple set of online forms put together a wizard, consisting of the following areas: Demographics, Incident classification, Discovery and Mitigation and Impact Classification. Verizon says that after submitting data on an incident, users will receive a customized mini “Data Breach Investigations Report” that analyzes the incidents and compares them with similar incidents that occurred at other participating organizations.

Through VERIS, organizations can regularly generate incident reports that can be distributed and analyzed within their organization, while maintaining their privacy.

For example, participating enterprises will know whether their incident was a rare event or one commonly experienced by others, and such information can help enterprises decide what, if anything, should be done to prevent similar events in the future.

The project is a joint effort of the Verizon RISK Team and ICSA Labs, an independent division of Verizon Business that performs third-party security testing and certification.

You can visit the VARIS Community Site at: https://www2.icsalabs.com/veris/

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.