Identify business processes/tempo

Understanding an organizations business processes and tempo may allow an adversary to more effectively craft social engineering attempts or to better hide technical actions, such as those that generate network traffic. [1] [2]

ID: T1280
Sub-techniques:  No sub-techniques
Tactic: Organizational Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Current or previous employees may divulge information on the Internet. If insiders are used, the defender may have policies or tools in place to detect loss of this data or knowledge.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: In some cases, this requires some insider knowledge or specialized access to learn when critical operations occur in a corporation. For publicly traded US corporations, there is a lot of open source information about their financial reporting obligations (per SEC). Companies announce their annual shareholder meeting and their quarter phone calls with investors. Information such as this can help the adversary to glean certain aspects of the business processes and/or rhythm.


  1. Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017.
  1. InfoSec Institute. (2013, September 11). OSINT (Open-Source Intelligence). Retrieved May 9, 2017.