Difference between revisions of "Databreach Risk Event Data Model"
From Open Risk Data
imported>Wiki admin |
imported>Wiki admin |
||
| Line 3: | Line 3: | ||
The Data Model derives from the Vocabulary for Event Recording and Incident Sharing ([http://veriscommunity.net/ VERIS]), adapted to fit into the Wikibase [[Data Model]] | The Data Model derives from the Vocabulary for Event Recording and Incident Sharing ([http://veriscommunity.net/ VERIS]), adapted to fit into the Wikibase [[Data Model]] | ||
| + | In terms of the overall [https://www.openriskmanual.org/wiki/Risk_Taxonomy risk taxonomy], a databreach risk event is | ||
| + | * roughly equivalent to [https://www.openriskmanual.org/wiki/IT_Security_Risk IT Security Risk]] | ||
| + | * which is a subtype of [https://www.openriskmanual.org/wiki/IT_Risk IT Risk]] | ||
| + | * which is a subtype of [https://www.openriskmanual.org/wiki/Operational_Risk Operational Risk]] (for a managed entity such as a corporation or other organization) | ||
| + | * which is a subtype of [https://www.openriskmanual.org/wiki/Business_Risk Business Risk]], the highest level category | ||
| + | Databreach risk events are further subdivided according to the type of threat action used (membership of multiple classes is possible): | ||
* Malware | * Malware | ||
* Hacking | * Hacking | ||
| Line 34: | Line 40: | ||
* has internal actor (subclass of has actor) | * has internal actor (subclass of has actor) | ||
* has external actor (subclass of has actor) | * has external actor (subclass of has actor) | ||
| − | |||
| − | |||
| − | |||
== See also == | == See also == | ||
[[Category:Documentation]] | [[Category:Documentation]] | ||
Revision as of 14:57, 5 March 2020
This is the documentation of the Databreach Risk Event Data Model (and associated Cyber Incident Risk Events) used in Open Risk Data to capture Databreach Risk Events
The Data Model derives from the Vocabulary for Event Recording and Incident Sharing (VERIS), adapted to fit into the Wikibase Data Model
In terms of the overall risk taxonomy, a databreach risk event is
- roughly equivalent to IT Security Risk]
- which is a subtype of IT Risk]
- which is a subtype of Operational Risk] (for a managed entity such as a corporation or other organization)
- which is a subtype of Business Risk], the highest level category
Databreach risk events are further subdivided according to the type of threat action used (membership of multiple classes is possible):
- Malware
- Hacking
- Social Engineering
- Misuse
- Physical Action
- Technical Error
- Environmental Hazards
The Data Model Structure
The primary entity documented is a Databreach Risk Event (NB: Several auxiliary entities must be defined). The full description of Items and Properties is as follows:
- Databreach Item:
- Item identifier (a serial ID number, prefixed with Q). This is a unique ID for an Item in the context of the Open Risk Data instance. This is assigned automatically by the system when an item is first inserted into the database. It is not the same as the incident_id which is used to identify events in the VCDB
- Fingerprint, consisting of:
- Multilingual label, a human readable label. This is a unique textual description of an Item. It is constructed out of incident data as a concatenated string of the form ENTITY + DATE + CATEGORY, where the DATE is MM/YEAR format obtained from timeline/incident data
- Multilingual description, a longer description of the item constructed with snippets from the action
- Multilingual aliases, other possible labels for an item (NORMALLY NOT USED)
- Statements, associated with the item, each consisting of:
- Claim, consisting of:
- Property
- Value
- Qualifiers (additional property-value pairs)
- References (each consisting of one or more property-value pairs)
- Rank (NORMALLY NOT USED)
- Claim, consisting of:
The list of claims is as follows
- has action
- has internal actor (subclass of has actor)
- has external actor (subclass of has actor)
