Includes monitoring a computer system or network and identifying anomalies or a series of activities indicating that a break-in is occurring. Without detection software, companies, medical and educational institutions, and government agencies would not be able to tell when they have had a security incident or when the security incident began. In short, detection tools look for the unusual and the unexpected. Note, however, that even though detection software can reduce the amount of information that system administrators are required to process, the administrators must still assess the seriousness of the intrusion to determine what next steps need to be taken, including whether to contact law enforcement agents.
Pipkin, D.L. Halting the Hacker: A Practical Guide to Computer Security. Upper Saddle River, NJ: Prentice Hall, 2003.