Alex Hutton; Verizon Business, Research & Intelligence, Principal
The Verizon Incident Categorization and Reporting (VICR) Framework & Community Project
One of the major complaints we continue to hear in the Information Security and Risk Management industry is a cry for more and better data. Over the past 24 months notable efforts from various industry groups have begun to attempt to identify metrics and models that might help produce either inductive or deductive knowledge about the cause and impact of security incidents. One of the more notable efforts is the Data Breach Investigations Report released by the Risk Intelligence team at Verizon Cybertrust Security.
The Risk Intelligence team at Verizon has created a new, community project to foster information sharing about incidents. Called the Incident Report & Information Sharing (VICR) Project, it is designed to extend knowledge about security incidents to the broader community to facilitate information sharing. VICR includes a common framework of incident metrics and their definitions for use in anonymous incident reporting.
This tract will cover the following topics :
1. A brief introduction to the VICR project,
2. A discussion on the philosophy behind incident metrics and metric reporting and analysis
3. A discussion of past efforts in data sharing and lessons learned
4. A brief introduction to the metrics in the VICR project their definitions, and a discussion of their relative values
5. A discussion of the status of the project, an analysis of the submissions to date, and a comparison of the community submissions relative to the 2009 Verizon DBIR
6. A discussion of other data loss information framed in the VICR framework
7. A preview of the 2010 Verizon DBIR information
8. A discussion of the future of VICR and call for increased community feedback on the framework and desired modifications to the catalog of VICR metric