Strengthen Your Risk Management: Use OSINT to Improve Control Activities

Risk management is a big concern for businesses in every industry.

From banking to insurance, companies work to minimize potential risks. Here at BrightPlanet, we use open source intelligence (OSINT) to help our clients strengthen risk management plans — including their control activities.

What Are Control Activities?

COSO FrameworkNearly every risk management plan starts with the COSO cube.

Developed by the Committee of Sponsoring Organizations (COSO), the COSO cube acts as a risk management framework for many organizations.

The guidelines outlined in the cube come together to create a holistic risk management plan, and each individual piece, like risk response or event identification, can be supported with OSINT data.

Control activities are a high-level element of the COSO cube, designed to keep a business accountable for their internal risk management. Even the best risk management system in the world needs accountability.

That’s where OSINT comes in.

How Does OSINT Help?

The Internet isn’t just comprised of social media channels and news sites. There are millions of names, addresses, emails and account numbers hosted online — more information than one person could ever scan through manually.

Here at BrightPlanet, though, we dig into the Deep Web with a process called data harvesting. This allows us to use computer algorithms to browse OSINT information, tailored to the needs of your business.

In cases of control activities, this might include developing an internal certification process for your employees or creating a monitoring system for sensitive information internally.

Audit Preparation and Execution

This OSINT monitoring is especially important when faced with an audit.

Instead of scrambling to explain your risk management processes, BrightPlant can provide your business with the specific requirements and algorithms we’re using to monitor your protected data.

For example, let’s say we’d integrated OSINT into Bank A’s risk management framework and were monitoring for data breaches. If an internal auditor from the bank’s overarching brand decides to do an internal review of Bank A, BrightPlanet can provide the auditor with the algorithms of the rules, what entities are being extracted and the sites that are being harvested as part of the ongoing monitoring for breach events. And we do this in any language, and with all open source content.

Instead of Bank A’s compliance manager worrying about where to get the information, they’ll know BrightPlanet is on top of it and can provide it for their audit. We can also set up an internal system so employees can access the information directly. It can be set-up to provide certain access to certain employees.

OSINT Solutions for Your Business

Right now, OSINT data is an innovative technology in risk management practices, but we see it slowly becoming part of the standard. Now is the time to implement OSINT solutions.

We have a collection of powerful tools available to harvest OSINT data. Put your business ahead of the curve and simplify your process with our OSINT solutions. If you’re not sure how this fits into your business framework, contact us with questions, and our team of experts will be in touch.

Download our risk management white paper to dig deeper into OSINT solutions and find out how they could work for you.

Download the OSINT for Risk Management White Paper