Open-source intelligence for risk assessment

Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company’s network software, hardware, and key IT personnel—using OSINT—and detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.