The NIST Cybersecurity Framework

The NIST Cybersecurity Framework helps businesses and organizations of all sizes better understand, manage, and reduce their cybersecurity risk while securing their networks and data. The Framework is completely optional. It gives them a summary of best practices to help them choose where to concentrate their cybersecurity efforts and resources. This lets organizations target their security efforts precisely. There are undoubtedly organizations that own security tools they do not really need. Understanding where a company should focus its security efforts and resources is essential. As a result, a company can be more confident that it has the best security possible and that its money is not being wasted on things it does not need. An organization can also use the Framework Core, which consists of five functions: Identify, Protect, Detect, Respond, and Recover. The Framework Core gives an organization an easy route to follow for security.

In my future workplace, I would use the five Framework Core functions of the NIST Cybersecurity Framework to better protect myself. The first core function is Identify. Identifying requires an individual to have a better understanding of all the systems that make up the critical infrastructure of the organization. In this function, I have to ask myself which assets need to be protected in the company or the office where I work. I cannot protect something if I am not aware it exists. In the Identify function, I am developing awareness and making sure that nothing falls off the radar. For example, this can mean listing all the hardware, servers, PCs, laptops, and printers I use, as well as listing all the software I use, such as Microsoft 365. Identifying every asset I use in my workplace that could potentially be at risk of a cyber threat is crucial. The next function is Protect. This stage requires looking at all the tools I have in place to protect the assets I use from a cyber attack. This can mean having tools to protect myself from things like phishing, and making sure I have tools such as multifactor authentication. The next function is Detect. This stage requires me to detect any unauthorized user or any suspicious activity on my network. The next function is Respond. This stage requires me, after detecting a cyber attack, to notify other people such as my boss or other stakeholders, and to report the attack to law enforcement and authorities. The last stage is Recover. This stage requires me to restore any assets that might have been impacted by the cyber attack.
