The NIST Cybersecurity Framework

What benefit can organizations gain from the NIST Cybersecurity Framework?

The NIST Cybersecurity Framework can help you understand your organization better and manage cybersecurity risks effectively. An understanding of risk tolerance allows organizations to measure and report changes to their cybersecurity programs. This helps them make critical decisions, determine what actions need to be taken and are important to improve the organization, and prioritize investments to maximize funding, which also makes the framework cost-effective. The decision about how to apply it is left to the company, and the framework can be utilized in a variety of ways. Organizations will always face different risk exposures, threats, or vulnerabilities, and they may choose to address them in a variety of ways. The framework is incredibly flexible: it allows organizations to be creative and implement it in any way they feel fits their organization. It can be used as the foundation for a new cybersecurity program or as a method to strengthen an established program structure, no matter the size or risk exposure of an organization.

How would you use it at your future workplace?

My future company would make use of the framework profiles. I believe that the framework profiles serve to keep my organization in good standing by providing us with something to strive for regularly. I would create a current profile as well as a target profile that is not too far out of reach; after we achieve our target profile, we would create a new current profile and a new objective to strive toward. I would utilize the five framework core functions at my future workplace as well, first to ensure that everything is protected and handled correctly, but I don’t think I would use it all of the time. I would use it when needed, especially if we happen to have an attack.

If my organization went through the five framework core functions again, we would begin by identifying and being aware of what needs to be protected and may be a potential threat, and then protect by looking at the tools and processors that we have in place to defend the organization. We would then identify by looking at the tools we have to alert us to potential cyber-attacks and having someone on the lookout for irregularities. Next, we would need to respond by containing any type of damage and implementing a response plan, and then we would recover by talking with the organization and going over what we need to recover from an attack and how we can ensure that it never happens again.
