Behavioral Threat Assessment and Open-Source Intelligence Gathering

A Behavioral Threat Assessment (BTA) program identifies and evaluates individuals who may pose a threat of violence or harm to themselves or others. A BTA program aims to intervene and manage the risk of harm before it occurs.

K-12 administrators and faculty members should receive training on a behavioral threat assessment program because they are often the first line of defense when identifying and addressing potential threats in the school community. They are in a position to observe and interact with students daily and may be able to identify behavior that could indicate a potential threat.

Parents may be concerned about a behavioral threat assessment program, particularly if they feel their children’s privacy or rights are being violated. It is vital for schools to communicate the purpose and scope of the program to parents and to assure them that it is being implemented responsibly and respectfully.

There may also be regulatory concerns surrounding a behavioral threat assessment program, as schools must adhere to various laws and regulations related to student privacy and due process. Schools should consult legal counsel to ensure their program complies with all applicable laws and regulations.

PROS AND CONS

The pros of a behavioral threat assessment program include that it can help to identify and intervene with individuals who may pose a risk of violence or harm. It can also help to create a safer and more secure school environment. The cons of such a program may include the potential for intrusion into a person’s online persona or the possibility of false positives.

To develop a robust BTA program, it is essential to:

  1. Clearly define the purpose and scope of the program
  2. Develop a comprehensive and structured process for identifying and evaluating potential threats
  3. Establish protocols for managing and mitigating identified risks
  4. Ensure that the program is compliant with all applicable laws and regulations
  5. Communicate the program to all stakeholders, including faculty, staff, students, and parents.

Open-Source Intelligence to Augment Behavioral Threat Assessments

Avertere offers a School Security Operations Center (S-SOC) that performs investigations by leveraging Open-Source Intelligence Gathering (OSINT) to augment the BTA program.

OSINT is the process of collecting, analyzing, and disseminating information that is publicly available and legally obtained. This includes information from the internet, social media, news articles, public records, and other sources that are not classified or restricted.

A Cyber Threat Intelligence (CTI) analyst can use OSINT to identify potential human threats or indicators of suspicious behavior for K12 Administrators and Faculty by:

  1. Monitoring social media profiles and activity: A CTI analyst can monitor social media profiles, such as WhatsApp, TikTok, Twitter, Facebook, Instagram, Snapchat, and LinkedIn, to identify potential threats or suspicious activity. This can include individuals posting threatening or malicious content or exhibiting behavior that could be indicative of malicious intent.

  2. Conducting online research: A CTI analyst can conduct online research to identify potential threats or suspicious activity. This can include looking for news articles or public records related to an individual or group or searching for specific keywords or phrases indicative of malicious intent.

  3. Utilizing threat intelligence feeds: A CTI analyst can use threat intelligence feeds, such as those provided by the Department of Homeland Security or other cyber intelligence agencies, to identify potential threats or suspicious activity. These feeds often contain information on known cyber threats and indicators of compromise, which can help a CTI analyst identify potential threats or suspicious behavior.

  4. Analyzing email and network traffic: A CTI analyst can analyze data within the school's network to identify potential threats or suspicious activity. This can include looking for patterns of activity or unusual spikes in traffic, which could indicate the presence of malware or other malicious activity.

Overall, OSINT is a valuable tool for CTI analysts in identifying potential human threats or indicators of suspicious behavior. Using various sources and techniques, a CTI analyst can gather the necessary information to help protect K12 Administrators and Faculty from potential cyber threats. CTI analysts can also feed the observable data into other technical controls as early warning indicators, so that those controls alert once an observed concern is validated and a proactive response can follow.

Why Avertere?

Avertere is a complete cybersecurity consulting and services firm dedicated solely to student and administrative safety within the education sector. We want to bring security to all schools and converge physical and cybersecurity services on behalf of the education sector, so our teachers can focus on teaching.
