Verizon Unveils Threat and Breach Reporting Portal

Tuesday, November 16, 2010



Verizon has launched an anonymous breach reporting website with ICSA Labs called VERIS in an effort to elicit and consolidate data on security threats that are often isolated in disparate information silos or that remain unreported entirely.

The portal is designed as a web application, and provides step-by-step instructions on how and what to document, as well as allowing those who are unfamiliar with the site to test drive the process with a dry run.

From the VERIS website:

"One of the most critical and persistent challenges plaguing efforts to manage information risk is a lack of data. We have little data because we do not share and while there are many reasons for this, doubts that it can be done in a practical, private, and mutually beneficial manner are chief among them"
"The VERIS framework, this incident sharing application, and the Data Breach Investigations Reports are all free tools we have created in order to help overcome these doubts and meet this challenge. It is our belief that they can fundamentally change the way we manage information risk."

The intent is to do more than aggregate information for research, as participants are able to generate reports that contain pooled information based on the nature and similarities with data from threats provided by other users.

The application is designed to encourage participation by offering anonymity to contributors. Many companies do not report lapses in security that may result in unwanted publicity or negatively impact shareholder confidence.

It will be interesting to see if the effort does in fact elicit more information on active threats, as unreported breaches leave other organizations susceptible to the same vulnerabilities, a fact that criminal networks have long exploited to their benefit.


Possibly Related Articles:
breaches Security Strategies Headlines Verizon VERIS ICSA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.