5. Consider what could be included in Open Source Intelligence data sets (AC 1.5)

Open source Intelligence (OSINT) refers to information that is available to the public. The important thing about OSINT is that this information is accessible to anyone who know where to look. OSINT can come from various places, the news website, social media posts, public records and databases. It's often used by analysts and security professionals to gather important data on potential threats, trends or even the activities of individuals or organisations.

One of the main sources of OSINT is the internet itself. This includes things like online news articles, blogs and other public publications. These sources can give valuable insights into current event, potential risks, or emerging threats. Social media can be a enormous source of information if you know where to look. Whether it's Twitter (now called X), Facebook or Instagram, people share a lot about their personal lives, about work, their opinions and sometimes even things that hint at bigger threats or issues. Some tools are designed to filter and gather this information efficiently, helping analysts see patterns or threats before they become a major issue.

GPS data, census data and public records. These can be incredibly useful for tracking movements, understanding demographics and learning more about particular company or individual's background. Another critical resource are malware repositories and exploit databases, which are publicly available collections of known security vulnerabilities and malicious software. These can help security professionals understand current threats or potential attacks that are circulating.

The deep web and dark we are also sources of OSINT, although a trickier to access and use. The deep web includes all the web pages that aren't indexed by search engines, and while not all of it is malicious it's a goldmine for those looking for detailed, often overlooked information. The dark web, can be more dangerous, being home to illicit activity, but it's still a place where critical threat data might be found.

Tools and software can be used to collect and analyse all this information, whether it's free or require a paid subscription. The key to any data collection process, is making sure the sources are reliable. If you pull information from unreliable sources, you might end up wasting time or even making incorrect decisions. It's also essential to follow legal guidelines like GDRP when gathering and using OSINT, ensuring that personal privacy is respected and no laws are broken in the process.