Instructions:

From your readings of pages 1 – 21 of the NIST Cybersecurity Framework, what benefit can organizations gain from using this framework, and how would you use it at your future workplace?

---

Organizations can use the NIST Framework to benefit them in many areas, such as effective cybersecurity goal setting, understanding how they are currently handling cybersecurity, and establishing and/or improving cybersecurity programs, just to name a few. The Framework Core is a very powerful tool for organizing cybersecurity goals for organizations. Having broader ideas with more specific subsections followed by outlined tasks including specific actions to complete those tasks really helps get the ball rolling towards the future. Getting an idea of how cybersecurity is currently handled in an organization is the first step to determining the next step in building up security. The Framework Implementation Tiers are exactly what organizations should look to in order to find where they are, and what level of security they strive to be at. Section 3.2 of the Framework describes the steps to establishing and/or improving cybersecurity programs. These steps can be summarized as follows: get an idea of the business side, what to protect and how, understand current situation, understand risks for assets, identify goals, form a plan to reach goals, and start working on it. This section can be revisited as many times as desired to keep improving cybersecurity. I could use the Framework to work with my employer to accomplish the above as well as other more specific things like identifying areas that my employer might be missing.