The VerIS framework is more a ‘methodology’ for classifying the types of incidents, their impact, the organisation it happened to, and the mitigations done to remedy the situation and the effectiveness of those. It was created by the Verizon Business team, to attempt to provide a way of better understanding the threats that an organisation faces, thereby helping the business understand where it should target its investment. The VerIS framework is free, and it’s used in Verizon’s Data Breach Investigations Reports (DBIR): http://www.verizonbusiness.com/databreach
My question was more around if anyone had customised their RTIR installation with any custom fields to add the VerIS incident classification fields and data i.e. something like this:
o Source: External
o Type: Organized criminal group
o Origin: Romania
o Category: Hacking
o Type: SQL injection
o Path: Web application
o System: Database server
o Data: Personal information
o Type: Confidentiality
I first learnt about it when reading Richard Bejtlich’s TaoSecurity blog. I was quite impressed with the comprehensiveness, and after seeing the DBIR report I understood how good metrics can really help in formulating a business plan to upper management, and to help target your upcoming budget.
Terry MacDonald

From: firstname.lastname@example.org [email@example.com] On Behalf Of Ruslan Zakirov [firstname.lastname@example.org]
Sent: Saturday, 28 May 2011 1:51 a.m.
To: Terry MacDonald
Subject: Re: [Rtir] Use of the VerIS Framework
I don’t know about any extensions for integrating RTIR with VerIS. As
far as I can see the only integration possible is to push data out of
RT/RTIR/AT into VerIS. It totally depends on VerIS capabilities to
Also, RTIR has workflow, but still it is quite flexible to quickly
bring generic enough integration that will work for many
installations, so it’s better to start from some production case, but
we don’t have any.