Looking for some advice on the most correct way to describe incidents involving cloud native asset types. I am newer to the VERIS Framework and have been looking at how to describe common incident types that are seen. Examples include cloud native storage (S3/Azure Storage), Kubernetes/Containers, Native WebApps/SQL, Functions/Logic Apps, etc.
Given the example scenario: An S3 Bucket containing PII has been accidentally left in a publicly accessible mode leading to an actor exfiltrating the data contained therein and making ransom demands to not release the data.
Actor: External - Organized Crime - Financial
Action: Error - Publishing Error - Carelessness
Asset: Server - File - External Hosted - Victim Owned????
Attribute: Confidentiality/Possession - Data Disclosure - Personal Variety
I can force some of these cloud native terms into the Asset Enumerations but then it fails to highlight issues with Cloud Native configurations/incidents when they occur.
I see the Cloud Specific section of the Enum but it's still missing (in my opinion) some of the depth I'm looking for here:
Looking for best practices/advice on how to handle this one and if there's some element missing in the framework.