Annex F. Intelligence Standard Operating Procedures

No: 43065348 Date(g): 27/2/2022 | Date(h): 26/7/1443 Status: In-Force
Listed below are some examples of how SOPs should help users when performing specific kinds of threat intelligence.
 
When performing deep and dark web intelligence, the step-by-step instructions should help users in identifying all the elements needed to properly conduct it, including but not limited to: 
 
 
  • Using a controlled, isolated and untraceable environment such as a Virtual Machine (VM)
  • Updating and collecting a list of deep web and dark web forums and marketplaces
  • Creating various avatars for access
 
Similarly, when performing Social Media Intelligence (SOCMINT), the step-by-step instructions should help in identifying all the elements needed to properly conduct it, for example: 
 
 
  • Providing users with a list of different types of sources and continuously updating this list (e.g. blogs, microblogs, social networks, images, video, and discussion forums)
  • Conducting training on social network and online video hosting and sharing platforms (e.g. Twitter, Facebook, YouTube, etc.)
  • Using social media tools when possible (commercial and open-source)
 
In the same way, when performing human intelligence (HUMINT), the step-by-step instructions should help users in identifying all the elements needed to properly conduct it, including but not limited to: 
 
 
  • Conducting ethics training for analysts performing active engagements online
  • Implementing SOPs related to forum and marketplace accesses
  • Building an avatar for each access to avoid traceback
  • Understanding the difference between active and passive monitoring