What supports an organization in making risk management decisions to address their security posture in real time?

When should event analysis be performed?

What type of system processes information, the loss of which would have a debilitating impact to an organization?

Which mechanism within the NIST Cybersecurity Framework describes a method to capture the current state and define the target state for understanding gaps, exposure, and prioritize changes to mitigate risk?

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?