1      0

(ISC)² Security Congress 2021 - Career Center & Recordings

1778589 - 2021 DBIR and the VERIS A4 Threat Model


Oct 20, 2021 10:30am ‐ Oct 20, 2021 11:30am



Credits: None available.

Description

VERIS, or the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information - anonymously and responsibly - with others. The VERIS Framework underpins the annual Data Breach Investigations Report (DBIR). VERIS employs the A4 Threat Model to describe key aspects of incidents and breaches that affect victim organizations. Simply put, the A4 Threat Model seeks to answer: who (actor) did what (action) to what (asset) in what way (attribute) for threat modeling, intelligence analysis, breach mitigation and detection / response improvement.

Learning Objectives:
  • Understand data breaches and cybersecurity incidents through the VERIS lens.
  • Identify the four components of the VERIS A4 Threat Model: actors, actions, assets, attributes.
  • Apply use cases for the VERIS A4 Threat Model.

Speaker(s):

  • John Grim, Head | RDI, Verizon Threat Research Advisory Center, Verizon
Tags: Intermediate

Credits

  • 1.00 - CPE

You must be logged in and own this session in order to post comments.