Cyber Forecasting Model Discovered in Verizon's Incident Data
Cyber Forecasting Model Discovered in Verizon's Incident Data
CHICAGO, June 11, 2024 /PRNewswire/ -- HALOCK Security Labs was recently recognized for their contribution to the 2024 Verizon Data Breach Investigations Report (DBIR) having found a way to practically apply Verizon's raw data for risk assessments.
2024年6月11日,芝加哥/美通社 -- HALOCK安防實驗室因爲發現一種將Verizon的原始數據實際應用於風險評估的方法,最近在2024年Verizon數據泄露調查報告(DBIR)中得到了認可。
HALOCK's HIT Index (HALOCK Industry Threat Index) uses Verizon's crowd-sourced dataset known as the VERIS Community Database (VCDB). It contains over 10,000 breach records with more than 2,500 columns detailing the characteristics of each attack. The HIT Index is a detailed analysis of the VCBD data against a set of cybersecurity safeguards. It states that the more commonly a threat appears in incident records, the more likely it would be the cause of an eventual incident.
HALOCK的HIT指數(HALOCK行業威脅指數)使用Verizon的衆包數據集,稱爲VERIS社區數據庫(VCDB)。其中包含超過10,000條違規記錄,以及詳細描述每個攻擊特徵的超過2,500列。HIT指數是VCBD數據針對一組網絡安全保障措施的詳細分析,聲明瞭威脅越常在事件記錄中出現,它導致事件的可能性就越大。
A version of the HIT Index methodology was donated to the Center for Internet Security (CIS) and incorporated into the CIS Risk Assessment Method (CIS RAM 2.1) which is provided free to the cybersecurity community.
HIT指數方法的一種版本已經捐贈給互聯網安全中心(CIS)並納入到提供給網絡安全社區的CIS風險評估方法(CIS RAM 2.1)中,這是免費提供的。
"When you look at the data deeply, you see the patterns emerge. We just needed to model it in a way that people can use in risk analysis. The stronger your safeguards are for each threat, the less you should expect them to happen." – Todd Becker, Principal at HALOCK
“當你深入研究數據時,你會看到模式出現。我們只需要以人們可以在風險分析中使用的方式來建模它。每個威脅所需的安全防護措施越強大,你需要期望的出現就越少。” – HALOCK公司主管Todd Becker
This is not HALOCK's first foray into giving away intellectual property. HALOCK also developed the Duty of Care Risk Analysis methodology, or "DoCRA," to define reasonable security. Its principles have been adopted by CIS and cited by regulators from ten states. In conjunction with the HIT Index, this standard has been implemented as a part of CIS RAM and can be applied to most risk assessment methodologies prevalent today.
這不是HALOCK首次免費提供知識產權。HALOCK還開發了名爲Duty of Care風險分析方法(DoCRA),用於定義“合理安全”標準。合理的安防-半導體。這個標準已被CIS採用並被十個州的監管機構引用。與HIT指數一起,它作爲CIS RAM的一部分已經實施,並且可以應用於當前普遍的大多數風險評估方法。
Reasonable Risk LLC, a GRC SaaS application and sister company to HALOCK, has automated the HIT Index, CIS RAM, and DoCRA using VCBD data. Organizations using the application can derive the likelihood of threats based on real threat data (combined with the maturity of the safeguard in place), making risk analysis more credible and automatic.
GRC SaaS應用程序“Reasonable Risk LLC”是HALOCK的姐妹公司,已經使用VCBD數據自動化HIT指數,CIS RAM和DoCRA。使用該應用程序的組織可以根據實際威脅數據(結合已有防護措施的成熟度)推斷出威脅的可能性,從而使風險分析更加可信和自動化。
"Anyone who has been part of a risk assessment has been asked to determine the 'likelihood' of an event happening. The answer usually leaves us feeling like we are guessing. The Reasonable Risk Application utilizes the VCBD data to derive likelihood levels instead of guessing. This results in significantly more accurate risk scoring, which in turn translates to better prioritization for risk remediation. Deriving likelihood is a transformative step forward for risk management." – Jim Mirochnik, CEO of Reasonable Risk, LLC
“任何參與過風險評估的人都被要求確定事件發生的可能性。答案通常讓我們感覺像是在瞎猜。合理的風險應用程序利用VCBD數據來推導可能性級別,而不是猜測。這導致得分更準確,進而將結果轉化爲更好的風險緩解優先級。推出可能性是風險管理的一個變革性的前進步驟。”
Until now, VCBD data has not been utilized to improve risk assessments. A broad understanding of various cybersecurity attack vectors, as well as the knowledge of how to manipulate that data into insight, is required. HALOCK's team has created several solutions to facilitate ease in solving this exact problem, earning their credit in the 2024 Verizon DBIR.
迄今爲止,VCBD數據尚未被利用以改進風險評估。需要廣泛了解各種網絡安全攻擊向量,以及將該數據轉化爲見解的知識。HALOCK's團隊已經創建了幾個解決方案,以便容易地解決這個問題,從而在2024年Verizon DBIR中獲得了他們的榮譽。
To learn more about how DoCRA and the HIT Index (using VCDB data analysis) has been optimized in a Risk Management SaaS application, please visit .
了解在風險管理SaaS應用程序中如何將DoCRA和HIT指數(使用VCDB數據分析)優化的更多信息,請訪問 。
ABOUT HALOCK SECURITY LABS
關於HALOCK SECURITY LABS
HALOCK is a risk management and information security consulting firm providing cybersecurity, regulatory, strategic, and litigation services. HALOCK has pioneered an approach to risk analysis that aligns with regulatory standards for "reasonable" and "appropriate" safeguards and risk, using due care and reasonable person principles. As authors of CIS Risk Assessment Method (RAM) and board members of The Duty of Care Risk Analysis (DoCRA) Council, HALOCK offers unique insight to help organizations define their acceptable level of risk and establish reasonable security.
HALOCK是一家提供網絡安全監管,策略和訴訟服務的風險管理和信息安全諮詢公司。HALOCK開創了一種與“合理”和“適當”的安全防護和風險監管標準相符合的風險分析方法,使用注意義務和合理人原則。作爲CIS風險評估方法(RAM)的作者,以及The Duty of Care Risk Analysis (DoCRA)委員會的董事會成員,HALOCK提供獨特的洞察力,以幫助組織定義其可接受的風險水平並建立合理的安全體系。
SOURCE HALOCK Security Labs
資料來源:HALOCK安防實驗室
譯文內容由第三人軟體翻譯。