Many faults and errors can occur during the day-to-day operation of IT and ICS components. In such cases, security incidents may not be identified as such by personnel and cyber attacks (or related attempts) could go undetected. It is sometimes not easy to differentiate between security incidents and technical faults. If users and administrators are not specifically trained to recognise security incidents and react to them appropriately, vulnerabilities can remain undetected and be exploited. If security incidents are recognised too late or not at all, effective countermeasures cannot be taken in time. Small vulnerabilities in an organisation can grow into critical threats to integrity, confidentiality, and availability. This can hamper business processes, cause financial damage, or lead to regulatory and legal sanctions.