“…We added categories to cover incident phases described in Section IV-C, i.e., Access Control, Anomaly Detection, Phenomenon Evaluation, Stopping from Propagating, Self-Adaptiveness, and Evidence. For each category, we went through existing studies and other sources [37], [38], [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57] to examine the completeness of the coverage by the standards and complement the missing pieces. All these recommendations were again validated against our inclusion and exclusion criteria.…”