Discussion – The NIST Cybersecurity Framework

Q:

From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

The NIST Cybersecurity Framework is a living, constantly evolving document that is regularly updated by NIST (the National Institute of Standards and Technology). It was created with a mission at hand: to assist companies, organizations and businesses of most sizes, locations and/or levels of sophistication with drafting up or bolstering their own plans of action when it comes to the identification, analysis and management of, and response to, cybersecurity risks. In a way, it acts as a list of standards or guidelines for organizations to reference when figuring out how they want to address cybersecurity, which is the main benefit and use of the Framework. It can be used to strengthen existing cybersecurity policies, systems or protocols a company may already have in place, or it can be used as a guide for a business that has little or no cybersecurity in effect. There are many methods of application that utilize the document for many different organizations. Because of the ever-changing nature of the cybersecurity and technology field, the Framework will not always apply to every problem that companies will face. However, as I’ve stated before, the document is updated regularly. This is done to address new ubiquitous cybersecurity problems that come up so organizations have a reference when they must deal with those problems.

If I were in a position to make executive decisions on cybersecurity plans of action at my future workplace, I would absolutely consult the Framework for ideas or help either first or soon after that. For example, if my workplace began seeing various workstations with new or unknown software installed without my prior knowledge, I’d do as the Framework suggests in clause ID.AM-2 and create a new policy for myself and other network administrators to routinely survey devices in the network and inventory all applications and software that are downloaded. From there, we’d uninstall unnecessary or potentially malicious software programs and make sure each device is outfitted with the software it needs for the daily function of the business.
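
The routine software survey described above, as an added example that is not part of the original post or of the Framework itself: it compares each workstation's installed software against an approved baseline and against the previous survey. The hostnames, product names and the `REQUIRED`/`APPROVED` lists are constructed assumptions.

```python
from collections import defaultdict

# Assumed baseline (hypothetical product names): what every workstation needs
# for daily business, plus software that is permitted but optional.
REQUIRED = {"endpoint-agent", "office-suite"}
APPROVED = REQUIRED | {"pdf-reader", "web-browser"}

# Constructed survey exports: (hostname, product name as reported) pairs.
LAST_SURVEY = [
    ("ws-01", "Endpoint-Agent"), ("ws-01", "Office-Suite"), ("ws-01", "Web-Browser"),
    ("ws-02", "endpoint-agent"), ("ws-02", "office-suite"),
]
THIS_SURVEY = [
    ("ws-01", "Endpoint-Agent"), ("ws-01", "Office-Suite"), ("ws-01", "Web-Browser"),
    ("ws-01", " Remote Desktop Helper "),
    ("ws-02", "endpoint-agent"), ("ws-02", "PDF Reader"),
    ("ws-03", "Office Suite"), ("ws-03", "Free Toolbar"),
]


def normalize(name):
    """Fold case, whitespace and hyphen/space variants so names compare equal."""
    return "-".join(name.replace("-", " ").lower().split())


def build_inventory(rows):
    """Group survey rows into {host: set of normalized product names}."""
    inventory = defaultdict(set)
    for host, name in rows:
        inventory[host].add(normalize(name))
    return dict(inventory)


def review(current, previous, approved=APPROVED, required=REQUIRED):
    """Per host: software to investigate, software to install, and new arrivals."""
    report = {}
    for host in sorted(current):
        installed = current[host]
        report[host] = {
            "unapproved": sorted(installed - approved),
            "missing_required": sorted(required - installed),
            "new_since_last": sorted(installed - previous.get(host, set())),
        }
    return report


REPORT = review(build_inventory(THIS_SURVEY), build_inventory(LAST_SURVEY))
if __name__ == "__main__":
    for host, findings in REPORT.items():
        print(host, findings)
```

A host that was absent from the previous survey, such as `ws-03` here, reports everything it has as new, which also surfaces devices that joined the network between surveys.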
