Determine centralization of IT management

Determining if a "corporate" help desk exists, the degree of access and control it has, and whether there are "edge" units that may have different support processes and standards. [1]

ID: T1285
Sub-techniques:  No sub-techniques
Tactic: Organizational Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: No technical means to detect an adversary collecting information about a target. Any detection would be based upon strong OPSEC policy implementation.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Requires an adversary to undergo a research process to learn the internal workings of an organization. An adversary can do this by social engineering individuals in the company by claiming to need to find information for the help desk, or through social engineering of former employees or business partners.


  1. Scott Rasmussen. (2002, January 28). Centralized Network Security Management: Combining Defense In Depth with Manageable Security. Retrieved March 5, 2017.