
Since the NIST Cybersecurity Framework was formally introduced, it has provided businesses of all shapes and sizes with a globally standardized methodology to identify and manage cybersecurity risks. Not only does this allow a business to tailor its resources to provide the most cost-effective strategy, it also creates a common language so that all levels of management are able to make the best risk decisions.
Given the broad spectrum of cybersecurity, this framework additionally breaks down into functional areas, categories, and subcategories, providing an even more granular look into internal assets, potential threats, and response plans. Perhaps the best part about this framework is that it is absolutely free.
Practical use of the NIST Cybersecurity Framework:
Following the framework itself into a new place of employment, I would flesh out the profile of my organization (identify what my organization needs, what the inherent risks are, and what risks are acceptable), with the end goal of having a roadmap that both meets my organizational needs and best aligns with the most up-to-date cybersecurity practices. Ultimately, cybersecurity isn’t a static idea; it is one that constantly changes and requires security professionals who are motivated to stay ahead of the curve.