Hi Ruslan,

The VerIS framework is more a 'methodology' for classifying the types of incidents, their impact, the organisation it happened to, and the mitigations done to remedy the situation and the effectiveness of those. It was created by the Verizon Business team, to attempt to provide a way of better understanding the threats that an organisation faces, thereby helping the business understand where it should target its investment. The VerIS framework is free, and it's used in Verizon's Data Breach Investigations Reports (DBIR): http://www.verizonbusiness.com/databreach

My question was more around if anyone had customised their RTIR installation with any custom fields to add the VerIS incident classification fields and data, i.e. something like this:

• Agent
    o Source: External
    o Type: Organized criminal group
    o Origin: Romania
• Action
    o Category: Hacking
    o Type: SQL injection
    o Path: Web application
• Asset
    o System: Database server
    o Data: Personal information
• Attribute
    o Type: Confidentiality

I first learnt about it when reading Richard Bejtlich's TaoSecurity blog. I was quite impressed with the comprehensiveness, and after seeing the DBIR report I understood how good metrics can really help in formulating a business plan to upper management, and to help target your upcoming budget.

Regards
Terry MacDonald

________________________________________
From: [email protected] [[email protected]] On Behalf Of Ruslan Zakirov [[email protected]]
Sent: Saturday, 28 May 2011 1:51 a.m.
To: Terry MacDonald
Cc: [email protected]
Subject: Re: [Rtir] Use of the VerIS Framework

Hi,

I don't know about any extensions for integrating RTIR with VerIS. As far as I can see, the only integration possible is to push data out of RT/RTIR/AT into VerIS. It totally depends on VerIS capabilities to import information.

Also, RTIR has workflow, but still it is quite flexible to quickly bring generic enough integration that will work for many installations, so it's better to start from some production case, but we don't have any.

On Fri, May 27, 2011 at 8:11 AM, Terry MacDonald <[email protected]> wrote:
> Hi All,
>
> Just wondering if anyone has integrated the VerIS framework into RTIR
> (https://verisframework.wiki.zoho.com/) ? We’ve just installed a new RTIR
> install, and use the VerIS framework for classification of incidents.
> Wondering if anyone else has attempted it, and how difficult it was. I can’t
> find any VerIS framework extensions anywhere…
>
> Cheers
> Terry

--
Best regards, Ruslan.
_______________________________________________
Rtir mailing list
[email protected]
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
