As the use of critical infrastructure continues to rise, so do cyber attacks. As technology advances, cyber attacks are becoming more sophisticated and complex. In response, the Cybersecurity Enhancement Act of 2014 updated the need to design a cybersecurity framework to strengthen cybersecurity. In summary, a cybersecurity framework serves as a model for critical infrastructures and small businesses to manage cyber risks and strengthen their security. Before an organization can develop a framework, it must understand what drives the business. It also needs to know what specific technologies it currently has. Every business has different priorities, systems, tools, and unique cyber risks. Although businesses use different methods for their frameworks, the goal of improved cybersecurity is the same.
There are three main aspects of a cybersecurity framework: the framework core, the framework implementation tiers, and the framework profile. The framework core is a set of desired cybersecurity outcomes. It gives businesses a guideline for communicating with each other about the desired cybersecurity practices. Framework implementation tiers offer an overview of how a business views its cybersecurity risks and of its current cyber risk management. Finally, a framework profile reveals the outcomes based on what a business has chosen as its needs and wants for cybersecurity risk management.
Together, these three aspects provide many benefits for critical infrastructures and other organizations managing cyber risk. A framework doesn’t replace the security protocols an organization already has in place; it complements and improves upon them. It resembles a continuous life cycle of designing, planning, and deploying, so an organization can keep improving its security programs. Another benefit is that a framework can be used to compare an organization’s cyber activities with those of other organizations. Companies can use each other to set standards and find opportunities for improvement within their systems.
For anyone pursuing a career in ethical hacking, frameworks can offer major benefits. For example, if a company wants an ethical hacker to test its systems, knowing the company’s framework can make finding vulnerabilities easier. If an organization’s framework is weak, an ethical hacker can report the vulnerabilities they found and suggest improvements to strengthen the framework. Frameworks can also be used to further improve the ethical hacker’s skills. Increased hacking skills would, in turn, lead to stronger frameworks.
Overall, cybersecurity frameworks offer businesses a wealth of opportunities to strengthen their security systems. As previously stated, using a framework is like a life cycle. There’s always room for improvement, so using a framework can lead companies toward their desired cybersecurity goals.