Using social media for risk scoring
Risk scoring is a way of generating a number which tells you how risky something is. Risk relates to the likelihood and consequence of an event occurring. A simple risk scoring model involves assigning a value to the likelihood and consequence of a risk eventuating. These risk values are then added together to provide an overall risk score.
What are the benefits of risk scoring?
Time. A risk score can be used as an initial check to determine if a risk requires further investigation. When resources are limited, risk scores can help you focus your efforts. For example, when assessing candidates for employment, a higher risk score may warrant closer attention to certain areas during a job interview. The risk score threshold will be different for each organization and what it deems as an acceptable level of risk.
Another use for a risk score is to aid in decision making. For example, when assessing the risk that an organisation may suffer a cyber security incident, a low risk score may indicate that an organisation is more desirable to do business with than one with a higher risk score.
How can open source intelligence and risk scoring be applied to my business?
- Credit Risk – Financial institutions rely on credit databases to make decisions about whether to provide credit. By looking at what a person or organisation has said or has been said about them online, a risk score can be generated to provide an additional objective measure of credit risk.
- Cyber Risk – The information available online about your company, its infrastructure and its people will be used by attackers as inputs into cyber attacks. A risk score can be generated based on the type and volume of information available.
- Third Party Risk – Your suppliers have privileged access to your people, data and infrastructure. You rely on them to provide the inputs that you need to run your business. By looking at the behaviours of the supplier’s executives and what is being said about them and their company online, a risk score can be generated to help identify areas of concern.
- Employment Screening and Ongoing Monitoring – Your employees have access to your most sensitive data, and represent your business. By assessing a candidate’s online behaviour, you can generate a risk score that will help guide the interview process.
Once an employee joined your organisation, you can protect your assets by monitoring online behaviour. Depending on the organisations risk tolerance, risk scores above the tolerance can be turned into alerts for action by your security team.
Risk scoring is a great way to support decision making.
Open source intelligence is an objective way of generating a risk score for a person or organization, based on publicly available information.