OSINT Defense & Security Framework (ODSF)

MINIMIZE WHAT CAN BE KNOWN

01

Open-source intelligence (OSINT) is the collection and analysis of publicly available information. Investigators and security teams rely on it daily; attackers rely on it for the same reason: it is accurate, abundant, and free. Reconnaissance opens the cyber kill chain. Adversaries piece together fragments of public data into detailed profiles of an organization, its technology, and its people, then turn those profiles into spear-phishing, social engineering, and technical exploits without touching the target’s perimeter. In the 2023 MGM Resorts and Caesars intrusions, Scattered Spider used LinkedIn data to impersonate staff convincingly enough to get past the IT help desk, and the same playbook took down UK retailers including Marks & Spencer in 2025, at a cost in the hundreds of millions of pounds.

The business risk is direct. An expanded digital footprint can reveal employee names and addresses, the technology stack, supplier relationships, and even staff photo identification: a roadmap for an attack. Exposed addresses feed credential stuffing, public detail about executives feeds business email compromise, and with enough minor personal detail a criminal can pose convincingly as a colleague or a trusted vendor.

Exposure carries physical consequences as well. High-profile executives are targets of doxing campaigns that publish home addresses, family details, and travel patterns. The murder of Brian Thompson, the CEO of UnitedHealthcare, in December 2024 is the starkest recent example: the attacker planned around a publicly announced investor conference and was waiting outside the venue. Ransomware crews now bring the same leverage into negotiation: Semperis’ 2025 ransomware study found physical threats against staff in 40% of attacks as criminals look for new ways to force payment, intimidation assembled from the same public fuel of addresses, family ties, and routines.

For organizations, other impacts of unmanaged OSINT risk include:

Financial losses

Fraud, scams, or competitive disadvantage.

Reputational damage

Leaks or misinformation spreading publicly.

Legal & compliance issues

When sensitive data like customer information is exposed.

Cybersecurity incidents

Enabled by leaked infrastructure details, or social engineering.

02

The OSINT Defense & Security Framework (ODSF) is an open OSINT risk management framework created by Ray Heffer and published by PsySecure. It counters a specific and growing pattern: adversaries weaponizing public information against an organization’s most valuable asset, its people.

ODSF treats organization-wide OSINT exposure as the managed object: five focus areas, 34 subcategories, and 150 controls, each carrying a compact evidence core and organization-size applicability, with a published scoring rubric, a framework-level threat model, and a baseline subset for small organizations. Every security control rests on assumptions about what an attacker cannot know, and public information breaks those assumptions silently; ODSF names this the Control Confidence Gap and uses it to prioritize what gets fixed first. Each focus area carries category-level orientation to NIST CSF 2.0, and control-level crosswalks to external standards ship separately as ODSF mapping packs.

The framework is openly licensed under CC BY 4.0: adopt it, adapt it, and build on it with attribution, while PsySecure maintains the canonical source and version governance.

03

The OSINT Defense & Security Framework is organized into five distinct Focus Areas, each owning one aspect of OSINT risk management:

01

Digital Footprint Reduction

Minimizing the public exposure of sensitive or critical information related to the organization and its people. This includes controlling what information appears in search results, social media platforms, and public databases. Organizations learn to systematically identify and reduce unnecessary data exposure while maintaining operational effectiveness.

02

Social Engineering Defense

Preparing defenses for the human element and processes to resist attacks leveraging OSINT. This encompasses security awareness training specifically focused on OSINT threats and establishing protocols to verify requests for sensitive information. Teams develop skills to recognize and respond to sophisticated social engineering attempts.

03

Technology Exposure Management

Controlling and hardening the organization's technical attack surface that is discoverable via OSINT tools. This includes managing publicly visible infrastructure details, service enumeration, and technology stack information. Organizations implement controls to reduce technical intelligence available to adversaries during reconnaissance.

04

Executive Exposure Protection

Special safeguards for high-profile individuals such as executives and board members who face elevated OSINT targeting and personal risk. This includes personal-account and recovery hardening, telecom and SIM-swap protection, consent-scoped household exposure governance, travel and calendar exposure, and impersonation response.

05

Continuous Monitoring and Response

Ongoing surveillance of public data for emerging threats or leaks, and the capability to respond rapidly. This includes monitoring for data breaches, leaked credentials, and emerging threat intelligence related to your organization. Organizations establish processes for detection, assessment, and mitigation of OSINT-based risks.

Each focus area divides into subcategories, and each subcategory states an objective and contains controls. Control descriptions state the outcome an organization implements; implementation guidance shows how that outcome can be achieved, and each control names the two or three evidence fields that prove it. The framework also ships its interpretation conventions, a framework-level threat model with five adversary archetypes, a glossary of load-bearing terms, a scoring rubric with a reference severity method, and a 27-control baseline subset recommended as the starting point for small organizations, with a documented consultancy-delivered path for the smallest.

04

Maintaining a defensive posture with ODSF is an ongoing cycle of assessment, reduction, monitoring, and adaptation. As one industry expert noted, “Smaller, well-managed digital footprints offer fewer opportunities for exploitation”. Public information regenerates: marketing publishes, employees post, vendors leak, data brokers re-list.

Organizations that apply the controls on a cadence make OSINT collection expensive, slow, and unreliable for the adversary, and the effect compounds: each closed exposure removes raw material a later attack would have used.

Ray Heffer, Author, OSINT Defense & Security Framework

05

The complete framework, with every focus area, subcategory, control, and implementation guidance, ships as two documents: a designed PDF for reading and the canonical JSON for tooling. Both are free under CC BY 4.0. Start with the five focus areas, then the baseline subset, then the full catalog. If you arrived here from a link into the old framework catalog at odsf.psysecure.com, these downloads are the complete current framework.

Current version: 0.3.0 (Public Draft), released June 11, 2026 (changelog)

License: Creative Commons Attribution 4.0 International (CC BY 4.0)

Attribution: OSINT Defense & Security Framework (ODSF) v0.3.0. Author: Ray Heffer; Publisher: PsySecure. Source: https://psysecure.com/odsf/. License: CC BY 4.0.

Stable links for citation: psysecure.com/odsf/pdf and psysecure.com/odsf/json always point at the current version.

06

To learn more about OSINT threats and defensive strategies: