Security teams can learn from the military about the importance of standard operating procedures. “SOPs” document prescribed methods for carrying out an activity or responding to a difficult situation. By establishing specific processes for conducting threat intelligence research, security teams can more quickly determine whether a compromise has occurred, and if so, its scope and impact. Answering the following questions about each indicator (IP addresses, domain names, URLs, file names and malware hashes) can help establish SOPs. These questions indicate the need for SOPs that help identify the presence of compromise indicators in an organization’s IT environment.

