Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company's network software, hardware, and key IT personnel—using OSINT—and detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.

Open-source intelligence for risk assessment / Hayes, Darren R.; Cappa, Francesco. - In: BUSINESS HORIZONS. - ISSN 0007-6813. - 61:5(2018), pp. 689-697. [10.1016/j.bushor.2018.02.001]

Open-source intelligence for risk assessment

Cappa, Francesco
2018

Abstract

Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company's network software, hardware, and key IT personnel—using OSINT—and detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.
Critical infrastructure; Cybersecurity; IT risk assessment; Open-source intelligence; Business and International Management; Marketing
Open-source intelligence for risk assessment / Hayes, Darren R.; Cappa, Francesco. - In: BUSINESS HORIZONS. - ISSN 0007-6813. - 61:5(2018), pp. 689-697. [10.1016/j.bushor.2018.02.001]
File in questo prodotto:
File Dimensione Formato  
BUSHOR_1469_corrected.pdf

Solo gestori archivio

Tipologia: Versione dell'editore
Licenza: DRM non definito
Dimensione 882.63 kB
Formato Adobe PDF
882.63 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11385/178543
Citazioni
  • Scopus 22
  • ???jsp.display-item.citation.isi??? 18
social impact