As organizations around the world, whether for profit, non-profit, or government rely increasingly on networked systems to obtain and to provide goods and services, security of an organization's computing and networking systems (“cybersecurity”) is becoming increasingly important. Techniques to audit an organization's systems, including both hardware and software systems, are generally known. In some cases, however, performing a security audit of the organization's systems may not provide a comprehensive or accurate assessment of the security of those systems. One reason is that an organization likely has business relationships with several other organizations, such as affiliates, parts vendors, technology service providers, suppliers, distributors, customers, clients, accountants, lawyers, government regulators, etc. Personnel from these other business entities may regularly communicate with and access the organization's systems and/or data using public networks and/or the systems of those other business entities, which may not be audited and/or may not be secure. As such, in some cases, the assessment of security of the systems of an organization of interest can benefit from the knowledge of which other organizations regularly access its systems.
Obtaining this information is not an easy or a straightforward task, however. The organizations themselves can be complex, having a hierarchical structure of several business entities, and one or more of those entities may form business relationships with other business entities. Moreover, the business relations can be dynamic. They may form at different points in time and may become dormant or may cease to exist after some time.