Skip to content

Demographic Codes

Jump to bottom Edit New page
Kevin Thompson edited this page May 19, 2014 · 1 revision

VERIS uses several variables to capture demographic information about a threat actor or victim and to capture impact data from an incident. Country, currency, industry, and region codes are used to ensure consistent representation of demographic and impact data from incident to incident.

Country

VERIS represents victim and actor countries using ISO alpha-2 country codes. These are two-letter codes defined by the International Standards Organization. Some examples of commonly used country codes include: United State (US), China (CN), Canada (CA).

A full list of countries and the associated country codes can be found here: http://www.nationsonline.org/oneworld/countrycodes.htm

Region code

In many cases, the analyst creating a VERIS object does not know the specific country where the actor or victim is located. For example, intelligence reports may state that threat actors from East Asia were attacking manufacturing companies in Europe. In these cases the analyst would mark Unknown for the actor country and the victim country.

To capture this information, VERIS has defined a region code starting in version 1.3. Region code is a six digit string to allow for leading zeros. The composition of the code is taken from United Nations region codes and subregion codes which can be found here: http://unstats.un.org/unsd/methods/m49/m49regin.htm.

The first three characters of the region code make up the major region such as Europe, Africa, Americas, etc. The second three characters are the subregion code if known. An attacker from East Asia would be given a region code of "142030". A victim in Europe would be given a region code of "150000"

Currency Code

Currency code is used to specify which currency is being used to measure the cost of certain impact variables. Currency codes are taken from ISO standard 4217. http://www.iso.org/iso/home/standards/currency_codes.htm

Industry Code

Victim and partner industries are represented in VERIS using a 2-to-6 character string known as a NAICS code. The North American Industry Classification System (NAICS) is used to classify industries. The length of the code is related to how much is known about the industry. For example, if all we knew about a victim's industry is that it was in health care we would use the code "62" to represent that. If, however, we knew that the victim was a general medical and surgical hospital then we would use the code "622110" to represent that.

New in VERIS version 1.3 is the addition of a dash to allow for ranges in NAICS code. In some cases, the information we have about a victim or partner industry is just a single word like "Manufacturing." However, there are several NAICS codes that apply to manufacturing and so we wouldn't know which code to apply. Most of the time a two-digit code will be used to describe a broad industry, but there are three cases where the range needs to be used:

  • Manufacturing: "31-33"
  • Retail: "41-45"
  • Transportation: "48-49"
Add a custom footer
Add a custom sidebar
Clone this wiki locally