ENTERPRISE OSINT FOR RISK MANAGEMENT, MONITORING THE DIGITAL FOOTPRINT OF THE COMPANY AND EMPLOYEES
DOI:
https://doi.org/10.32689/maup.it.2026.1.6Keywords:
OSINT, enterprise OSINT, cyber intelligence, digital footprint, corporate security, risk management, SIEM, CTIAbstract
The object of the study is the process of identifying, interpreting and using open-source data for enterprise cyber risk management under the conditions of an expanding digital perimeter. The problem is that traditional internal monitoring mechanisms do not provide early detection of leaks, compromised accounts, shadow digital assets and behavioral signals connected with the digital footprint of employees. The paper improves the approach to Enterprise OSINT as a continuous cycle of collection, normalization, verification and correlation of external indicators with internal security events. The results include a structural architecture model of Enterprise OSINT, a matrix of threat vectors and detection methods, and a procedure for integrating OSINT data into the ISO/IEC 27001, SIEM and CTI control loop. The proposed results solve the problem of fragmented external monitoring through the combination of technical, organizational and analytical components within a single risk management contour. Their distinctive feature is the focus not only on the company infrastructure, but also on employees digital footprints, partner mentions, leaks in the Surface, Deep and Dark Web, and subsequent false-positive verification. The results are explained by the fact that external data are treated not as background information, but as operational risk indicators suitable for automated validation and prioritization. Practical use is possible in corporate information security systems, SOCs, economic security services and compliance units provided that ethical monitoring policies, response procedures and repeated source verification are in place.
References
Chalicheemala, D., & Chalicheemala, D. (2022). What is open-source intelligence and how it can prevent frauds. International Journal for Research in Applied Science & Engineering Technology, 10(9), 1368–1371. https://doi.org/10.22214/ijraset.2022.46268 [in English].
Kilani, H., & Qusef, A. (2021). OSINT techniques integration with risk assessment ISO/IEC 27001. In Proceedings of the 2021 6th International Conference on Information Systems Engineering (pp. 1–6). https://doi.org/10.1145/3460620.3460736 [in English].
Yadav, A., Kumar, A., & Singh, V. (2023). Open-source intelligence: A comprehensive review of the current state, applications and future perspectives in cyber security. Artificial Intelligence Review, 56, Article 1–38. https://doi.org/10.1007/s10462-023-10454-y [in English].
Brunner-Sperdin, A., & Situm, M. (2024). Private social media usage of employees: Implications for corporate risk management to protect corporate reputation. Journal of General Management. Advance online publication. https://doi.org/10.1177/03063070241297372 [in English].
Singh, P., Kumar, M., Sharma, N., & Kumar, P. (2025). Study of cyber threat intelligence, risk management and methods. Journal of Information and Optimization Sciences. Advance online publication. https://doi.org/10.47974/JIOS-1852 [in English].
El Amin, H., Samhat, A. E., Chamoun, M., Oueidat, L., & Feghali, A. (2024). An integrated approach to cyber risk management with cyber threat intelligence framework to secure critical infrastructure. Journal of Cybersecurity and Privacy, 4(2), 357–381. https://doi.org/10.3390/jcp4020018 [in English].
Rajamäki, J., & McMenamin, S. (2024). Utilization and sharing of cyber threat intelligence produced by opensource intelligence. In Proceedings of the 19th International Conference on Cyber Warfare and Security (pp. 341–349). https://doi.org/10.34190/iccws.19.1.2069 [in English].
Samad, M. Y., Ningtiyas, B. K., Fiqih, Rosny, F., & Permatasari, D. A. (2024). Anticipating cyber espionage: Open source intelligence (OSINT) investigation and cyber counterintelligence. Journal of Information Systems and Technology, 2(2). https://doi.org/10.31599/288ab341 [in English].
Pervez, M. H., Ecevit, M. İ., Naqvi, N. Z., Creutzburg, R., & Dag, H. (2023). Towards better cyber security consciousness: The ease and danger of OSINT tools in exposing critical infrastructure vulnerabilities. In Proceedings of the 8th International Conference on Ubiquitous and Future Networks (pp. 1–6). https://doi.org/10.1109/UBMK59864.2023.10286573 [in English].
Szymoniak, S., Foks, K., & Pyrkosz-Dziubczyk, A. (2025). Application of OSINT methods in ensuring cybersecurity. IPSI Transactions on Internet Research. https://doi.org/10.58245/ipsi.tir.2502.05 [in English].
Rheault, E., Nerayo, M., Leonard, J., Kolenbrander, J., Henshaw, C., Boswell, M., & Michaels, A. J. (2024). Use and Abuse of Personal Information, Part I: Design of a Scalable OSINT Collection Engine. Journal of Cybersecurity and Privacy, 4(3), 572–593. https://doi.org/10.3390/jcp4030027 [in English].
Shoaei, F., Pishdar, M., Bag-Mohammadi, M., & Karami, M. (2026). LROO Rug Pull Detector: A Leakage-Resistant Framework Based on On-Chain and OSINT Signals. arXiv preprint arXiv:2603.11324. https://doi.org/10.48550/arXiv.2603.11324 [in English].
Chen, X., Feng, X., Chen, S., Maitre, M., Rakshit, S., Duvieilh, D., Picone, A., & Tang, N. (2026). CyberThreat-Eval: Can Large Language Models Automate Real-World Threat Research? arXiv preprint arXiv:2603.09452. https://doi.org/10.48550/arXiv.2603.09452 [in English].
Shoaei, F., Pishdar, M., Bag-Mohammadi, M., & Karami, M. (2026). TM-RUGPULL: A Temporally Sound, Multimodal Dataset for Early Detection of RUG Pulls Across the Tokenized Ecosystem. arXiv preprint arXiv:2602.21529. https://doi.org/10.48550/arXiv.2602.21529 [in English].
de Jong, A., Cascavilla, G., & De Pascale, J. (2026). Breadcrumbs in the Digital Forest: Tracing Criminals through Torrent Metadata with OSINT. arXiv preprint arXiv:2601.01492. https://doi.org/10.48550/arXiv.2601.01492 [in English].
