Discussion Board Question: From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

A benefit organizations can gain from using the NIST Cybersecurity Framework is the ability to effectively and efficiently solve a problem and have the best outcome and results. The NIST Cybersecurity Framework is mainly used to help reduce any potential risk or problem relating to Cybersecurity. The NIST Cybersecurity Framework consists of core elements that work together ensure that the framework is successful. The core elements are Functions, Categories, Subcategories, and Informative References. The NIST Cybersecurity Framework consists of five different functions that are used to combat a Cybersecurity issue. The functions are used to organize the cybersecurity activities. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Functions organize basic cybersecurity activities at their highest level.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The five functions are Identify, Protect, Detect, Respond, and Recover. The first function of the NIST Cybersecurity Framework is called Identify. Identify is used to develop a basic understanding to help manage any potential Cybersecurity risks to people, systems, data, etc. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Identify – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The second function of the NIST Cybersecurity Framework is called Protect. Protect is used to place in protocols to carry out critical services and prepares for any worst case scenario. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Protect – Develop and implement appropriate safeguards to ensure delivery of critical services.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The third function of the NIST Cybersecurity Framework is called Detect. Detect is used to scan to see if there is any suspicious activity of a Cybersecurity event and to implement any necessary policies. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Detect – Develop and implement appropriate activities to identify the occurrence of a “cybersecurity event.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The fourth function of the NIST Cybersecurity Framework is called Respond. Respond is used to take action and to fix the cybersecurity incident using the necessary protocols. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Respond – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The final function of the NIST Cybersecurity Framework is called Recover. Recover is used to see if there were any services were lost due to a Cybersecurity incident. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The next core element is Categories. Categories is a section that provides subpoints for each function into groups of a Cybersecurity outcomes. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Categories are the subdivisions of a Function into groups of cybersecurity outcomes closely tied to programmatic needs and particular activities.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The next core element is Subcategories. Subcategories divide a Category into a specific Cybersecurity technical or management activities/outcomes that provides results of an achievement. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, “Subcategories further divide a Category into specific outcomes of technical and/or management activities. They provide a set of results that, while not exhaustive, help support achievement of the outcomes in each Category.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). The final core element is Informative References. Informative References are sections that are made up of standards and guidelines to help achieve outcomes that are under each Subcategory. According to the article, “Framework for Improving Critical Infrastructure Cybersecurity”, Informative References are specific sections of standards, guidelines, and practices common among critical infrastructure sectors that illustrate a method to achieve the outcomes associated with each Subcategory.” (Framework for Improving Critical Infrastructure Cybersecurity, 2018). In the future, I would like to get a job in the Cybersecurity field, particularly as a Customer Service and Technical Support Associate. I will definitely use the NIST Cybersecurity Framework to help problem solve any Information technology issues in my workplace by using the different core elements regarding the NIST Cybersecurity Framework. For example, if I am having a problem with fixing a technical issue with a technology piece, such as a phone. I will first identify the issue of what is wrong with the phone, protect the phone by making sure there is not a virus on the phone, detect the issue, respond by fixing the issue that is wrong with the phone, and recover any missing any data. The NIST Cybersecurity Framework is essential for any job because it can solve any workplace problem with a series of steps, which is a recipe for success in the future.

Reference

National Institute of Standards and Technology. (2018, April 16). Framework for Improving Critical Infrastructure Cybersecurity. Google Drive. https://drive.google.com/file/d/1wPp9kofp-gdlu3NAisszeM8d8ko1djF1/view