In This Chapter

Gleaning information about your organization from the Internet

Web resources

Seeking out information you (and others) can benefit from

One of the most important aspects in determining how your organization is at risk is to find out what information is publically available about your business and your systems. Gathering this information is such an important part of your overall methodology that I thought the subject deserves a dedicated chapter. In this chapter, I outline some free and easy ways to see what the world sees about you and your organization. You may be tempted to bypass this exercise in favor of the cooler and sexier technical security flaws, but don’t fall into the trap. Gathering this type of information is critical and often where most security breaches begin.

Gathering Public Information

The amount of information you can gather about an organization’s business and information systems that is widely available on the Internet is staggering. To see for yourself, the techniques outlined in the following sections can be used to gather information about your own organization.