If a person works at, or owns a share or portion of, a business or company, they are considered a stakeholder in that business. Stakeholders should be doing everything they can to mitigate risk in their company so that it stays profitable and thrives. “The Framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders” (NIST, pg 6). The Framework benefits a company or organization by laying out the details of its cyber protection, identifying and prioritizing actions to mitigate any risk or liability. It is also a tool for aligning policies, business methods, and new technology throughout the organization.
The Framework has a series of elements, tiers, and profiles, and its information travels through all facets of an organization. For example, the operations level of a company implements a profile, a vulnerability or threat is identified, and the business level then assigns a tier for the profile and develops the information. That information is then assessed, identified with a risk, and sent to the senior executive level, which issues priorities. The priorities are then sent back down to the business level and the operations level.
I would use this in my future workplace to prioritize my focus. My work in the Marines utilizes the passing of information the same way in every job field. Operations finds targets/vulnerabilities and gives information up to their commanding officers in the field, who form a battle plan. That plan is sent from there to the commander of the area of operations. The information is assessed, and priorities of missions are sent back down and disseminated to the commanding officers, who then brief the troops on what’s next.
Citation
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. (2018). doi:10.6028/nist.cswp.04162018