International Conference on Military and Security Studies-2015 1 Abstract— Enlargement of cyber space has increased the level and amount of cyber risk. Commensurate with the growing risk in Information Communication Technology (ICT), many countries have prepared their national cyber security strategies. The complexity in cyber attacks, cyber espionage activities have demonstrated that not only the national critical infrastructures are on the target, but also the institutions are. Having a national level cybersecurity strategy document could not prevent cyber attacks targeting institutions. Therefore, institutions should also have a robust cyber security strategy, roadmap and action plan in order to stand firmly against emerging cyber risks. It has become a real fact that protecting critical infrastructures and assets will be key issues that leaders should permanently take into account whether they are being a CEO of an organization or a general commanding a troop. From this point of view, we tried to shed light on some possible cyber risks that how cyber criminals can exploit. Via open source intelligence and social networks, employees, managers and even system administrators can be exposed to hacking and cyber intelligence activities. In this study, we have made a case study by using open source intelligence and social networks in order to emphasize and show how institutions are vulnerable to possible cyber attacks and cyber intelligence activities. Index Terms— Institutional Cybersecurity, Social Networks, Open Source Information Gathering Techniques, Metadata. I. INTRODUCTION he use of information communication technologies (ICT), ranging from merely a smart phone to national assets like critical infrastructures, have been increasing day by day around the world. Along with the widespread use of ICT, cyber risks have been rising in accordance. Reaching the 1 billion points in 2012, the global smart phone users are Cpt. Muhammer Karaman, War Colleges Command, Army War College, Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212 398-0100/3504, İstanbul-Turkey, email: muammerkaraman29@gmail.com) Cpt. Hayrettin Çatalkaya, War Colleges Command, Army War College, Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212 398- 0100/3504, İstanbul-Turkey, email: hcatalkaya@gmail.com) expected to reach 1.75 million in the current year. It is also expected that more than 2.23 billion people around the world or approximately half of the mobile phone users will connect internet via mobile devices in following years. [1] In this complex and enlarging cyber environment, how institutions will manage to protect themselves against cyber related activities (ranging from commercial use of personal information, open source information gathering, to cyber espionage efforts? In this study we tried to define how information gathering techniques via open source can give valuable information about employees to cyber criminals and then we recommended several counter measures against these activities. The organization of this study is handled in four sections. In Section 2, we tried to define institutional cyber security, its components, dilemmas and importance for a nation. In Section 3, we gave some information about open source intelligence (OSINT) gathering techniques through internet and social networks and executed a case study. In that case study, we used some freeware tools and gathered information and analyzed the results and put light on possible major cyber incidents. Finally in Section 4, we have pointed out that some essential cybersecurity measures and processes that should be handled both technically and administratively. II. METHODS Expansion of cyberspace and the increasing use of smart devices have made us to reevaluate the cybersecurity not only from governmental level but also from institutional perspective. Thus, the institutional cyber security can be defined as the capability that consist of information security components and procedures, provides cooperation with partners and government authorities and handles top down cyber security situational awareness [2]. Generally the first step against global cyber threats is seen as forming a national level cybersecurity strategy. In government level strategies, the risks are put forward, critical infrastructures are emphasized, action plans and measures are discussed and specified. When we move down from government level to institutional level, it is hardly possible to Institutional Cybersecurity: A Case Study of Open Source Intelligence and Social Networks M. Karaman, H. Çatalkaya T