“…For instance, NIST, in its special publication SP 800-61, defines five phases: (i) preparation, (ii) detection and analysis, (iii) containment, (iv) eradication and recovery, and (v) post-incident [43], [44]. In particular, the post-incident phase constitutes the final phase once an incident has been resolved.…”