Cybersecurity incident response: Before, during and after