Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company's network software, hardware, and key IT personnelâusing OSINTâand detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.
Open-source intelligence for risk assessment / Hayes, Darren R.; Cappa, Francesco. - In: BUSINESS HORIZONS. - ISSN 0007-6813. - 61:5(2018), pp. 689-697. [10.1016/j.bushor.2018.02.001]
Open-source intelligence for risk assessment
Cappa, Francesco
2018
Abstract
Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company's network software, hardware, and key IT personnelâusing OSINTâand detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.File | Dimensione | Formato | |
---|---|---|---|
BUSHOR_1469_corrected.pdf
Solo gestori archivio
Tipologia:
Versione dell'editore
Licenza:
DRM (Digital rights management) non definiti
Dimensione
882.63 kB
Formato
Adobe PDF
|
882.63 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.