The NIST Cybersecurity Framework is used to find, protect, respond, and tackle threats in a bid to achieve specific cybersecurity outcomes. Organizations applying the framework will benefit from its systematic process of risk assessment and management while acting as an overlay to determine gaps and provide a roadmap for improvements (National Institute of Standards and Technology, 2018, p.13). This will see improvement and reinforcement of existing cybersecurity programs and better prioritization of functions and critical services, reducing expenditures and maximizing effectiveness. Secondly, the NIST Cybersecurity framework can be applied throughout all life cycles from planning, building, deployment, and operation to decomposition, allowing it to lay the groundwork for every process. This enhances the performance and effectiveness of cybersecurity processes. Thirdly, the framework measures and assigns values of the risk alongside developing the cost and benefits of the processes undertaken to reduce risks and inform on acceptable levels of risks (National Institute of Standards and Technology, 2018, p.19). As such, it provides an effective way to measure the risks, costs, and benefits of cybersecurity strategies, aiding more rational and cost-effective cybersecurity approaches, decision-making, and investments.


Reference
National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology. Retrieved from https://doi.org/10.6028/NIST.CSWP.04162018