IDEAS home Printed from https://ideas.repec.org/a/eee/bushor/v61y2018i5p689-697.html
   My bibliography  Save this article

Open-source intelligence for risk assessment

Author

Listed:
  • Hayes, Darren R.
  • Cappa, Francesco

Abstract

Advances in information technology (IT) have prompted tremendous growth in security issues for companies. Increasingly, cyberattacks represent a threat to companies and national security; to prevent them, firms should routinely perform risk assessments of their IT infrastructure and employees. This article highlights the importance of open-source intelligence (OSINT) tools in conducting risk assessments to prevent cyberattacks. More specifically, we performed a vulnerability assessment on the critical infrastructure of a company operating on the U.S. electrical grid. We successfully profiled the company’s network software, hardware, and key IT personnel—using OSINT—and detailed potential vulnerabilities associated with these findings. The results of our study provide empirical evidence for the efficacy of OSINT in improving the security posture of organizations. Our research findings were subsequently used to produce tactical and strategic recommendations for organizations based on the use of OSINT to identify vulnerabilities, mitigate risks, and formulate more robust security policies to prevent cyberattacks.

Suggested Citation

  • Hayes, Darren R. & Cappa, Francesco, 2018. "Open-source intelligence for risk assessment," Business Horizons, Elsevier, vol. 61(5), pages 689-697.
    • Handle: RePEc:eee:bushor:v:61:y:2018:i:5:p:689-697
    DOI: 10.1016/j.bushor.2018.02.001
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0007681318300296
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.bushor.2018.02.001?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Shackelford, Scott J., 2012. "Should your firm invest in cyber risk insurance?," Business Horizons, Elsevier, vol. 55(4), pages 349-356.
    2. Genge, Béla & Kiss, István & Haller, Piroska, 2015. "A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 10(C), pages 3-17.
    3. Hartong, Mark & Goel, Rajni & Wijesekera, Duminda, 2008. "Security and the US rail infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 1(C), pages 15-28.
    4. Rice, Mason & Miller, Robert & Shenoi, Sujeet, 2011. "May the US government monitor private critical infrastructure assets to combat foreign cyberspace threats?," International Journal of Critical Infrastructure Protection, Elsevier, vol. 4(1), pages 3-13.
    5. Young, Derek & Lopez, Juan & Rice, Mason & Ramsey, Benjamin & McTasney, Robert, 2016. "A framework for incorporating insurance in critical infrastructure cyber risk strategies," International Journal of Critical Infrastructure Protection, Elsevier, vol. 14(C), pages 43-57.
    6. Abraham, Sherly & Chengalur-Smith, InduShobha, 2010. "An overview of social engineering malware: Trends, tactics, and implications," Technology in Society, Elsevier, vol. 32(3), pages 183-196.
    7. Alharthi, Abdulkhaliq & Krotov, Vlad & Bowman, Michael, 2017. "Addressing barriers to big data," Business Horizons, Elsevier, vol. 60(3), pages 285-292.
    8. Hooper, Val & McKissack, Jeremy, 2016. "The emerging role of the CISO," Business Horizons, Elsevier, vol. 59(6), pages 585-591.
    9. Rong Fu & Xiaojuan Huang & Jun Sun & Zhenkai Zhou & Decheng Chen & Yingjun Wu, 2017. "Stability Analysis of the Cyber Physical Microgrid System under the Intermittent DoS Attacks," Energies, MDPI, vol. 10(5), pages 1-15, May.
    10. Ananda Kumar, V. & Pandey, Krishan K. & Punia, Devendra Kumar, 2014. "Cyber security threats in the power sector: Need for a domain specific regulatory framework in India," Energy Policy, Elsevier, vol. 65(C), pages 126-133.
    11. Francesco Cappa & Fausto Del Sette & Darren Hayes & Federica Rosso, 2016. "How to Deliver Open Sustainable Innovation: An Integrated Approach for a Sustainable Marketable Product," Sustainability, MDPI, vol. 8(12), pages 1-14, December.
    12. Karabacak, Bilge & Yildirim, Sevgi Ozkan & Baykal, Nazife, 2016. "A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness," International Journal of Critical Infrastructure Protection, Elsevier, vol. 15(C), pages 47-59.
    13. Shackelford, Scott J., 2016. "Business and cyber peace: We need you!," Business Horizons, Elsevier, vol. 59(5), pages 539-548.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Maria Federica Cordova & Andrea Celone, 2019. "SDGs and Innovation in the Business Context Literature Review," Sustainability, MDPI, vol. 11(24), pages 1-14, December.
    2. Francesco Cappa & Michele Pinelli & Riccardo Maiolini & Maria Isabella Leone, 2021. "“Pledge” me your ears! The role of narratives and narrator experience in explaining crowdfunding success," Small Business Economics, Springer, vol. 57(2), pages 953-973, August.
    3. Muhammad Mudassar Yamin & Mohib Ullah & Habib Ullah & Basel Katt & Mohammad Hijji & Khan Muhammad, 2022. "Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security," Mathematics, MDPI, vol. 10(12), pages 1-25, June.
    4. Francesco Cappa & Federica Rosso & Darren Hayes, 2019. "Monetary and Social Rewards for Crowdsourcing," Sustainability, MDPI, vol. 11(10), pages 1-14, May.
    5. Zhou, Hongli & Zhang, Xiaodong & Hu, Yang, 2020. "Robustness of open source product innovation community’s knowledge collaboration network under the dynamic environment," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 540(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Md. Hamid Uddin & Md. Hakim Ali & Mohammad Kabir Hassan, 2020. "Cybersecurity hazards and financial system vulnerability: a synthesis of literature," Risk Management, Palgrave Macmillan, vol. 22(4), pages 239-309, December.
    2. Dirk Wrede & Tino Stegen & Johann-Matthias Schulenburg, 2020. "Affirmative and silent cyber coverage in traditional insurance policies: Qualitative content analysis of selected insurance products from the German insurance market," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 45(4), pages 657-689, October.
    3. Tabesh, Pooya & Mousavidin, Elham & Hasani, Sona, 2019. "Implementing big data strategies: A managerial perspective," Business Horizons, Elsevier, vol. 62(3), pages 347-358.
    4. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    5. Naci Akdemir & Serkan Yenal, 2021. "How Phishers Exploit the Coronavirus Pandemic: A Content Analysis of COVID-19 Themed Phishing Emails," SAGE Open, , vol. 11(3), pages 21582440211, July.
    6. Meghisan-Toma Georgeta-Madalina & Nicula Vasile Cosmin, 2020. "ICT Security Measures for the Companies within European Union Member States – Perspectives in COVID-19 Context," Proceedings of the International Conference on Business Excellence, Sciendo, vol. 14(1), pages 362-370, July.
    7. Siwar Kriaa & Marc Bouissou & Youssef Laarouchi, 2019. "A new safety and security risk analysis framework for industrial control systems," Journal of Risk and Reliability, , vol. 233(2), pages 151-174, April.
    8. Berns, John P. & Jia, Yankun & Gondo, Maria, 2022. "Crowdfunding success in sustainability-oriented projects: An exploratory examination of the crowdfunding of 3D printers," Technology in Society, Elsevier, vol. 71(C).
    9. Francis Aboagye‐Otchere & Cletus Agyenim‐Boateng & Abdulai Enusah & Theodora Ekua Aryee, 2021. "A Review of Big Data Research in Accounting," Intelligent Systems in Accounting, Finance and Management, John Wiley & Sons, Ltd., vol. 28(4), pages 268-283, October.
    10. Monica C. LaBarge & Kristen L. Walker & Courtney Nations Azzari & Maureen Bourassa & Jesse Catlin & Stacey Finkelstein & Alexei Gloukhovtsev & James Leonhardt & Kelly Martin & Maria Rejowicz‐Quaid & M, 2022. "Digital exchange compromises: Teetering priorities of consumers and organizations at the iron triangle," Journal of Consumer Affairs, Wiley Blackwell, vol. 56(3), pages 1220-1243, September.
    11. González, Santiago G. & Dormido Canto, S. & Sánchez Moreno, José, 2020. "Obtaining high preventive and resilience capacities in critical infrastructure by industrial automation cells," International Journal of Critical Infrastructure Protection, Elsevier, vol. 29(C).
    12. Acharya, Abhilash & Singh, Sanjay Kumar & Pereira, Vijay & Singh, Poonam, 2018. "Big data, knowledge co-creation and decision making in fashion industry," International Journal of Information Management, Elsevier, vol. 42(C), pages 90-101.
    13. Singh, Abhishek Narain & Gupta, M.P. & Ojha, Amitabh, 2014. "Identifying critical infrastructure sectors and their dependencies: An Indian scenario," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(2), pages 71-85.
    14. Asad Hussain & Sunila Fatima Ahmad & Mishal Tanveer & Ansa Sameen Iqbal, 2022. "Computer Malware Classification, Factors, and Detection Techniques: A Systematic Literature Review (SLR)," International Journal of Innovations in Science & Technology, 50sea, vol. 4(3), pages 899-918, August.
    15. Umit Can & Bilal Alatas, 2017. "Big Social Network Data and Sustainable Economic Development," Sustainability, MDPI, vol. 9(11), pages 1-19, November.
    16. Baldini, Gianmarco & Nai Fovino, Igor & Masera, Marcelo & Luise, Marco & Pellegrini, Vincenzo & Bagagli, Enzo & Rubino, Giuseppe & Malangone, Raffaele & Stefano, Marcoccio & Senesi, Fabio, 2010. "An early warning system for detecting GSM-R wireless interference in the high-speed railway infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(3), pages 140-156.
    17. Jakob Pohlisch, 2020. "Internal Open Innovation—Lessons Learned from Internal Crowdsourcing at SAP," Sustainability, MDPI, vol. 12(10), pages 1-22, May.
    18. Gabriela Zeller & Matthias Scherer, 2023. "Risk mitigation services in cyber insurance: optimal contract design and price structure," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 48(2), pages 502-547, April.
    19. Maria Federica Cordova & Andrea Celone, 2019. "SDGs and Innovation in the Business Context Literature Review," Sustainability, MDPI, vol. 11(24), pages 1-14, December.
    20. Nguyen, Phan Dinh & Tran, Lobel Trong Thuy & Baker, John, 2021. "Driving university brand value through social media," Technology in Society, Elsevier, vol. 65(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:bushor:v:61:y:2018:i:5:p:689-697. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/bushor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.