What to do upon Intrusion Detection?

So, the NetAdmin has done quite a bit of homework (read lots of TechRepublic papers, etc. on how to setup security) and feels pretty good about the existing security policy, then the question is asked…What ACTIONS DO YOU TAKE upon intrusion detection?

Are there any templates or guidelines that would be useful to develop a policy/procedure(s) for WHAT TO DO, if and when an intrusion or intrusion attempt has been detected?

Thanks,

TomW / NavTec