The Nist Cybersecurity framework can help refine an organization’s risk management process and uncover weaknesses in current activities. Although the framework is not a replacement for current cybersecurity processes, the framework can help organizations determine their current cybersecurity posture and identify a target state. Organizations can assess their approach to cybersecurity risk management with implementation tiers. Given the common terminologies provided in the framework, organizations have the tools to efficiently and effectively communicate risk and requirements with stakeholders. The NIST cybersecurity framework is an integral, live document that should be considered by all cybersecurity professionals when improving critical cybersecurity infrastructure.

In my future workplace, I will use the framework to assess the organizational approach to cybersecurity risk management with implementation tiers. Determining an implementation tier will supply information on how my workplace views cybersecurity risk and the procedures to manage risk. I will use the framework to complement current cybersecurity processes by referencing the desired outcomes in the core with current organizational cybersecurity outcomes. This will help me further analyze opportunities for improvement and understand the current cybersecurity posture within my workplace. With a better idea of the current posture and references to the framework core, I will also have the capabilities to efficiently communicate cybersecurity risks and requirements with stakeholders.