Once the system has been compromised, the intrusion needs to be confined. This can be accomplished by dividing the environment into a number of well defined components.
Also, an intruder is the best source of information on his intent. A security system could move the intruder to a play room. The play room is a copy of the original environment where similar, but non-critical, information is kept. The security system then logs the intruders actions. A review of the log, tells a lot about the scope of the intrusion.
In the play room, the security system, gives enough information to the intruder to discover intent without compromising more of the environment.