VERIZON 业务风险小组(VERIZON BUSINESS RISK TEAM)在他们的安全博客上发布了《2008 DATA BREACH INVESTIGATIONS REPORT》（2008数据失窃调查报告）。报告中包含他们在2004～2007年调查的500多个案例。与 CSI/FBI 计算机犯罪调查所不同的是这个报告是基于特定事件的。

报告对数据失窃源、威胁分类、攻击难易度、定向攻击、攻击路径、信息仓库与渠道、发现方法等做了详细的说明。

报告对 unkown unkowns 做了全新的解释：

Throughout hundreds of investigations over the last four years, one theme emerges as perhaps the most consistent
and widespread trend of our entire caseload. Nine out of 10 data breaches involved one of the following:
- A system unknown to the organization (or business group afected)
- A system storing  data that the organization did not know existed on that system
- A system that had unknown network  connections or accessibility
- A system that had unknown accounts or  privileges
We refer to these recurring situations as "unknown unknowns!" and they appear to be the Achilles heel in the dat
protection eforts of every organization - regardless of industry, size, location, or overall security posture.

系统、数据、连接、权限，这四点讲的非常棒！

报告总共29页，言简意赅。
下载链接 http://www.verizonbusiness.com/resources/security/databreachreport.pdf