Sharing information using VERIS
The sharing of information about security incidents can help other organizations to better prepare for attacks and implement preventative measures and security controls to reduce the risk of intrusion. However, sharing information about a security incident that has occurred within your organization can lead to providing sensitive details about your network infrastructure and assets. It can also lead to sharing your organization's vulnerabilities with others and is therefore a very sensitive topic.
The Vocabulary for Event Recording and Incident Sharing (VERIS) framework is simply a collection of various metrics designed to create a mutual language that allows security professionals to describe security incidents in a structured and repeatable manner. In other words, VERIS ensures that security incidents are shared with sufficient, useful, and meaningful information. Without structure in sharing important information, there will be a lack of...
