Statistics show that while large amounts of money are being invested in cybersecurity, the number of incidents continues to grow, with cyber attacks motivated by political and financial issues, many times funded by States as part of cyberwarfare. Although the general perception is that the occurrence of incidents is almost inevitable, the literature demonstrates that cybersecurity initiatives are often focused on prevention of incidents rather than its response, with many organizations often poorly prepared and ignoring key incident handling processes. Some initiatives were proposed in order to fill this gap, one of them being the VERIS framework, a "vocabulary for event recording and incident sharing." VERIS goal is to provide a basis for incident documentation, at the same time allowing the sharing of anonymized data to a community database, hence providing metrics for use within organizations or among external parties. As VERIS is a framework focused on information gathering and sharing, this work proposes the extension of the model from its original JSON representation to an OWL ontology, one of the main tools of the Semantic Web initiative, used for knowledge representation and strongly tied to the idea of information sharing. This work focus on the advantages of using such representation for incident handling.
展开▼
