Start With the End in Mind
Whatever your goals, open source intelligence can be tremendously valuable for all security disciplines. Ultimately, though, finding the right combination of tools and techniques for your specific needs will take time, as well as a degree of trial and error. The tools and techniques you need to identify insecure assets are not the same as those that would help you follow up on a threat alert or connect data points across a variety of sources.
Planning on Intelligence
Information, as we know it today, includes both electronic and physical information. The organizational structure must be capable of managing this information throughout the information lifecycle regardless of source or format (data, paper documents, electronic documents, audio, video, etc.) for delivery through multiple channels that may include cell phones and web interfaces.
According to Wikipedia, Information management (IM) is the collection and management of information from one or more sources and the distribution of that information to one or more audiences. This sometimes involves those who have a stake in or a right to that information. Management means the organization of and control over the structure, processing, and delivery of information.
Intelligence Mission Objectives
Three Mission Objectives refer to foundational intelligence missions the Intelligence Community (IC) must accomplish, regardless of threat or topic:
- Strategic Intelligence—inform and enrich understanding of enduring security issues;
- Anticipatory Intelligence—detect, identify, and warn of emerging issues and discontinuities;
- Current Operations—support ongoing actions and sensitive intelligence operations.
Acting on Intelligence
Having a clear strategy and framework in place for open source intelligence gathering is essential — simply looking for anything that could be interesting or useful will inevitably lead to burnout. There is a dark side to open source intelligence: anything that can be found by security professionals can also be found (and used) by threat actors.
Of all the threat intelligence subtypes, open source intelligence (OSINT) is perhaps the most widely used, which makes sense. After all, it’s mostly free, and who can say no to that? Unfortunately, much like the other major subtypes — human intelligence, signals intelligence, and geospatial intelligence, to name a few — open source intelligence is widely misunderstood and misused. Intelligence can provide insights not available elsewhere that warn of potential threats and opportunities, assess probable outcomes of proposed policy options, provide leadership profiles on persons of interest, and inform organizations of opportunities and threats.
Open source intelligence is derived from data and information that is available to the general public. It’s not limited to what can be found using Google, although the so-called “surface web” is an important component.
As valuable as open source intelligence can be, information overload is a real concern. Most of the tools and techniques used to conduct open source intelligence initiatives are designed to help security professionals (or threat actors) focus their efforts on specific areas of interest.
How To
- Identify sources of interest and filter information by those sources
- Specify your scope of information gathering
- Drill down on information collected
- Combine information from different sources