The VERIS (Vocabulary for Event Recording and Incident Sharing) Framework is a taxonomy that standardizes how security incidents are described and categorized.
Launched in 2010 by Verizon, the taxonomy enables organizations to collect, classify, analyze, compare and share information security incident data in a structured, repeatable, anonymous and secure manner.
The VERIS model incorporates more than 150 data points regarding the incident's threat landscape, asset landscape, impact landscape and control landscape. The framework, which is split into four sections (demographics, incident classification, discovery and mitigation, and impact classification), employs the A⁴ threat model:
- Actors: Whose actions affected the asset?
- Actions: What actions affected the asset?
- Assets: Which assets were affected?
- Attributed: How was the asset affected?
The VERIS metric is available for free download. Available separately is the VERIS Community Database, an open catalog of more than 1,200 publicly disclosed data breach incidents, primarily from 2012 and 2013. Coded into the VERIS format, the data set is meant to support both community research and corporate decision-making.