The document discusses the need for organizations to have an incident response (IR) framework to adequately prepare for security incidents. It introduces the VERIS framework, which can help lay the foundation for an IR program by describing attacks. VERIS provides a common vocabulary for recording and sharing information about security incidents and helps organizations understand the variety of actions, actors, assets, and attributes involved in incidents to improve detection and response capabilities. The document advocates that understanding details about incidents through frameworks like VERIS is important because organizations cannot detect or respond to what they do not understand or know about attacks and attackers.