NIST Cybersecurity framework

• identify  protect detect respond recover
• exploit code determines effectness
• E-mail, web isolation -> docker as rendering proxy
• SOC vs CISRT (CERT)
• Indicator of Compromise (IOC, pattern, hash based)
• Indicator of Attack (IOA, malicious behavior checks)