Verizon: 2019 Data Breach Investigations Report (DBIR) (English edition) (78 pages)
2019 Data Breach Investigations Report
business ready
4e 6f 20 63 6f 76 65 72 20 63 68 61 6c 6c 65 6e 67 65 20 74 68 69 73 20 79 65 61 72

[Figure 1. Top asset variety in breaches. Series: Server (All breaches, n=1,881); Server (Just large organization breaches, n=335). Axis: Breaches, 0% to 100%.]

Before we formally introduce you to the 2019 Data Breach Investigations Report (DBIR), let us get some clarifications out of the way first to reduce potential ambiguity around terms, labels, and figures that you will find throughout this study.

VERIS resources

The terms “threat actions,” “threat actors,” “varieties,” and “vectors” will be referenced a lot. These are part of the Vocabulary for Event Recording and Incident Sharing (VERIS), a framework designed to allow for a consistent, unequivocal collection of security incident details. Here are some select definitions followed by links with more information on the framework and on the enumerations.

Threat actor: Who is behind the event? This could be the external “bad guy” that launches a phishing campaign, or an employee who leaves sensitive documents in their seat back pocket.

Threat action: What tactics (actions) were used to affect an asset? VERIS uses seven primary categories of threat actions: Malware, Hacking, Social, Misuse, Physical, Error, and Environmental. Examples at a high level are hacking a server, installing malware, and influencing human behavior.

Variety: More specific enumerations of higher level categories - e.g., classifying the external “bad guy” as an organized criminal group, or recording a hacking action as SQL injection or brute force.

Learn more here: DBIR figures and figure data. features information on the framework with examples and enumeration listings. features the full VERIS schema. provides access