THE NICHE OF NIST

I believe that the NIST CSF benefits organizations that use it in more ways than one.
1. Cost effective. Because the NIST CSF is voluntary, it is free. Therefor organizations can implement at their own pace and costs opposed to other frameworks (e.g., ISO 27001) that requires audits and certifications.
2. Longevity. NIST CSF can be implemented and used to improve an organization through all phases and is adaptive for the constant evolution of cybersecurity.
3. Liaison between techies & businessmen. In section 3.3 of the assigned reading it touches on this by explaining the use of the different profiles/tiers in the framework.
Overall, I feel that the main benefit of the NIST CSF is flexibility. From the cost, adaptiveness, tier assessment, profiles, and overall framework, I feel that any business can benefit from using The NIST CSF because it’s a perfect combination of cybersecurity and risk management.
I would use this at my future workplace as an assessment to where the company currently is within the scope of cybersecurity and a guide to the overall improvement of the cyber risk management of the company. Hopefully, I’ll save the company a lot of money, time, and turmoil. In return, I should get a raise!