VERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information - anonymously and responsibly – with others.
VERIS underpins the annual Data Breach Investigations Report. VERIS and its A4 Threat Model – Actors, Actions, Assets, Attributes – help codify incident-related information for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.
Key takeaways for this session include:
• Understanding cybersecurity incidents through the VERIS lens
• Recognizing the VERIS A4 Threat Model: Actors, Actions, Assets, Attributes
• Getting started in Threat Modeling with VERIS