IN THIS CHAPTER

Gleaning information about your organization from the Internet

Using Web resources

Seeking information that you (and others) can benefit from

One of the most important aspects in determining how your organization is at risk is finding out what information about your business and your systems is publicly available. Gathering this information is such an important part of your overall methodology that I think the subject deserves a dedicated chapter.

In this chapter, I outline some free, easy ways to see what the world sees about you and your organization. You may be tempted to bypass this exercise in favor of the cooler, sexier technical security flaws, but don’t fall into the trap. Gathering this type of information is critical and is often where many security breaches begin.

Gathering Public Information

The amount of information you can gather about an organization’s business and information systems from the Internet is staggering. To see for yourself, use the techniques outlined in the following sections to gather information about your own organization.