At the new VERIS community website, organizations and individuals can report data breach incidents and share information anonymously. Each person who submits data will receive a data breach investigations report that analyzes the data breach incident and compares it with similar incidents that occurred at other participating organizations.
The VERIS website, which is a joint effort by Verizon RISK Team and ICSA Labs, offers other tools such as the VERIS Wiki, examples of data breach incidents, white papers, user guide, sample report, and a link to the 2010 Data Breach Investigations Report.
"With the VERIS Project, Verizon is publicly sharing data that we have spent years gathering through our data breach caseload", said Peter Tippett, vice president of technology and innovation at Verizon Business. "We are sharing the aggregate data – and encouraging other companies to anonymously share their security-event data – to promote more dialogue and understanding of security incidents. The collective sharing of in-the-trenches security events offers us the opportunity to fundamentally change how we all manage risk."
The website has a form for participating organizations and individuals to fill out. The form requires the submitters to describe the entity affected by the incident to enable comparative analytics; describe the role of the threat agent, the agent’s actions, and the impact on the information assets; relate events immediately following the incident, as well as lessons learned from the response process; and provide a description and consequences of the incident on the organization.