To limit damage and prevent further harm, detected security incidents must be handled quickly and efficiently. To this end, a predefined and tested …