Question:
What benefit can organizations gain from the NIST Cybersecurity Framework, and how would you use it at your future workplace?
My Response:
The NIST Cybersecurity Framework is a general guide on how a company should understand its current implementation of cybersecurity and how it could implement a new cybersecurity protocol. There are a lot of benefits to having a framework that businesses new or old can reference when assessing their systems or implementing new cybersecurity systems to better protect their business. However, in my opinion, this shouldn’t just be a basic framework; this should be a business standard, and having a tier-one cybersecurity network should be required or the business should lose its license or be fined. In this current digital era, information is the new gold currency, and if a business has any sort of confidential information, it stands to reason that it would be well protected. If not, hackers would have a field day wreaking havoc on their systems and stealing not just employee data but users’ data. In my ideal work environment, I would use the framework’s assessment measures to compare our current profile to a new potential profile that would be designed. Ideally, when I make it higher on the company ladder, I would shoot for establishing a new profile to implement to get the company to a tier four adaptive if the business isn’t already there. The great benefit of this document is that it is constantly being updated with the best practices in the industry, so if a large attack happens again, this document should be updated a few years down the line with better procedures.
Classmate's DB:
The benefits organizations gain from the NIST Cybersecurity Framework are several, as are the uses in the workplace. For instance, the core of the framework shows the company’s risk in cybersecurity in a high-level strategic view. You can also use the framework profile to represent outcomes and show places where you can grow and develop to reach a more stable and secure profile called the target profile. Another benefit is that, by selecting the tier specifically, the organization can value or devalue what their security is worth, meaning they can beef up their internet security as needed and stay within their budget. You can also use this to your advantage in the workplace to boost yourself or maybe just boost your job security. If you understand the tiers and your company’s current security, you can suggest a boost or a decrease depending on the job’s status. You can then use this as a launching point for your career to help boost yourself to a higher role in your job. Respectfully, of course, in doing this you will be bumping someone out of a job, but for the greater good, it might be worth it. Another spot was the NIST Cybersecurity Framework. If you have knowledge of it, you can use it to evaluate your company to evaluate your job.
My response:
I agree with Elijah. However, looking at the cost is an important goal of the NIST Framework, but smaller businesses need to understand that they cannot skimp on the cost of implementing a new and better system, and I think that is one of the shortcomings of this document. The NIST Framework says that it can be used by any business or organization that is big or small; however, in the example implementations, it seems like all the examples are directed towards a large corporation that has the funding and manpower to make the changeover to a new and better system. I believe that the document should have its own section or example to best show what a smaller business should do when trying to implement a new profile, and how it should say that even though it’s a small business, it should try to invest in a strong cybersecurity system.