Case study: A recent cyber security risk analysis identified a ransomware via spear-phishing to be a significant business risk to XYZ Realty Group (XYZRG). The chief information security officer (CISO) has advised XYZRG management and was given the go-ahead to institute a thorough SEAT programme and a comprehensive incident response plan to adequately deal with a ransomware attack. You have been hired by XYZRG to develop a cybersecurity incident response plan based on the NIST Incident Response framework.

You will use the NIST Incident Response framework to develop a cybersecurity incident
response plan. Answer the following questions.
2.1 Create a visual representation (diagram) of the cybersecurity incident response plan's
critical phases. Give a brief explanation of the important message conveyed by the
diagram.
2.2 Using the diagram above, briefly describe the incident response steps taken by the
security incident response team after a critical data breach is detected.
2.3 Explain how the information gathered during the incident response process will be
used.
Your response to the above questions must be supported by references, theory and
demonstrate application of critical thinking skills.

Q2.1: Diagrammatic representation of IRP phases.
Figure 1: Provide caption here
• Provide the caption to the figure
• Give a brief explanation of the important message conveyed by the diagram.
Q2.2: Explanation of incident response steps
• Using the diagram above, briefly describe the incident response steps taken by the
security incident response team after a critical data breach is detected.
Q2.3: Explanation of information gathered
• Explain how the information gathered during the incident response process will be
used.