Managed Services

Verizon Hopes to Spur Security Data Sharing

Verizon Enterprise Solutions today made public the framework it has been using for its own annual Data Breach Investigation Reports, hoping to get the telecom industry more engaged in sharing information that can lead to improved security.

There is no common way today of reporting incidents, said Wade Baker, director of risk intelligence for Verizon, and that is one barrier to industry-wide reporting of security breaches.

“There is not a way to describe an incident that everyone can use so that you can understand and use the same data,” Baker said. “That prevents the ability to amass a large amount of data and get a true picture of the security issues that we are facing.”

The Verizon Incident Sharing Framework can be used by enterprises as a common structure for describing and analyzing incidents in which networks are breached or data is lost or compromised, enabling assessments and comparisons with data compiled by other organizations using Verizon’s VerIS framework, including Verizon’s annual Data Breach Investigation Reports.

The VerIS looks at four different aspects of network security, including threats, assets, the impact of an intrusion or data breach, and control. It then organizes metrics into four sections: demographics, incident description, discovery, and mitigation and impact description. The end result is a report that shows the cause and magnitude of a given incident.

Greater data sharing will enable the industry to get a more accurate picture of the nature of security threats and do a better job of addressing them, Baker said. Verizon is making the VerIS framework available at no cost to encourage other service providers and organizations to use it.

“We can’t make people share information,” Baker said. “But we do hope this lends itself to better sharing. If we are all using the same language to describe security incidents, then we can figure out a way to share that information responsibly.

— Carol Wilson, Chief Editor, Events, Light Reading

janice33rpm 12/5/2012 | 4:41:57 PM
re: Verizon Hopes to Spur Security Data Sharing

In David Scott’s words, everyone needs to be a mini-Security Officer in the modern organization today.  I think Mr. Scott is right:  Most individuals and organizations enjoy Security largely as a matter of luck.  Anyone else here reading I.T. WARS?  I had to read parts of this book as part of my employee orientation at a new job.  The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors.  It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on.  Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Sign In