The NIST Cybersecurity Framework[1] was created to give American organizations, originally operators of critical infrastructure, a common, voluntary structure for managing cybersecurity risk; it is guidance rather than a binding standard. By using this framework, businesses can build plans that fit their own environment and make better use of their resources. It also lets them take explicit, documented steps towards their security goals and measure their progress along the way. This reduces (but does not eliminate) their risk of becoming the victim of a cyberattack, and if and when an incident does occur, an organization that has worked through the framework's Respond and Recover functions will already have response and recovery plans in place rather than improvising them.

In my future workplace, I will use it to gain a better understanding of the business environment and how various aspects of the corporate world interact with each other. I will also make sure every move is in accordance with our interpretation of the framework. Every part of a company must be mindful of cybersecurity to achieve the highest level of information security possible.

More specifically, I might use this framework to evaluate a company's needs and recommend plans and procedures to implement in the future, in combination with other standards and regulations. For example, if I were assessing a hospital, the Identify function of the NIST Cybersecurity Framework would lead me to inventory the protected health information (PHI) the hospital holds and to recognize the necessity of HIPAA[2], the US health privacy law that governs it. I could then plan the hospital's protection, detection, response, and recovery activities appropriately. Hospitals, as critical infrastructure, should have these procedures in place.

To protect assets, you must first take stock of what must be protected, which is exactly what the framework's Identify function asks for. The NIST Cybersecurity Framework is specific enough to guide companies towards a sound security posture and broad enough to be customized to their particular business needs.