There’s a certain amount of risk in every business.
Just because there is risk, though, doesn’t mean you should throw caution to the wind. This is why businesses big and small hire risk managers.
One of the best ways to strengthen your risk management strategy is with open source intelligence (OSINT). In this post we explore how OSINT can improve risk assessment.
Risk Assessment & COSO
At the foundation of most risk management strategies is the COSO cube. Developed by the Committee of Sponsoring Organizations (COSO), it’s a resource for enterprise risk management.
The cube builds a framework for risk managers to follow — from implementing their strategy to monitoring their results. At the center is risk assessment.
Is the risk a massive threat or a minor issue? Is it internal risk or external risk? Does it have the potential to lead to bigger problems?
These are questions a risk manager asks during risk assessment so they can devise a response and the more data they have to determine the impact of the risk, the better. That’s where OSINT comes in.
Strength From OSINT
Our team at BrightPlanet uses OSINT to help managers answer those risk assessment questions. Once an event has been identified, the risk of that event is then assessed. With the data provided from OSINT, a risk manager has a full range of information to determine the true ramifications of an event.
Take a banking institution for example. If customer data was accidentally sent to a group of employees, that’s an internal risk, and likely a minor one. The same information in the hands of hackers, however, is a major risk.
Using the power of OSINT, BrightPlanet can set up an ongoing search for the bank’s customers information — credit card and account numbers, for instance — watching to see if they show up anywhere in the open sources, Dark Web, Deep Web or Surface Web. If they do, the risk manager can access the seriousness of the event in question and decide what the appropriate response should be.
It would be impossible for a risk management team at any business to actively search the web for the compromised information at the speed and scale that BrightPlanet can. A risk management team can spend their time assessing and responding to risk as opposed to manually trying to find it in the first place when they include OSINT in their risk management strategy.
Work with the Web, Not Against It
Banking is an industry where risk assessment is a high priority, but it isn’t the only one.
Pharmaceutical companies need to monitor for counterfeit drugs. Human resources agencies must keep personal data protected. Even travel directors can assess the risk of sending a group to a specific location using OSINT.
Risk management isn’t something you can avoid — otherwise you’d hire a risk eliminator. The growth of the Internet opens even more opportunity for risk, but with OSINT you can effectively monitor the millions of pages and identify, assess and respond to risk faster and better.
Check out our full range of OSINT solutions for businesses across all industries. If you’re unsure how to it will work for you, contact us. Our team of experts will explain the power of data harvesting.
Download our risk management white paper to dig deeper into OSINT solutions and find out how they could work for you.