The NIST Cybersecurity Framework is very beneficial to most, if not all, companies. The framework offers direction for organizations that want to gain better control over and reduce their cybersecurity risks. It provides a set of processes that can help measure and improve a company's existing cybersecurity and risk management practices, as well as point out steps to strengthen them. The NIST Cybersecurity Framework includes three components: the Core, Implementation Tiers, and Profiles. Profiles enable a company to establish a roadmap for reducing cybersecurity risk that is aligned with organizational and sector goals. A profile can be used to describe the organization's current state and to help it reach its desired target state for the framework. The framework takes a risk-based approach: it is outlined to senior executives, who then translate it into an integrated risk management approach aligned with business goals at the business/process level, which in turn communicates to the operations level which tier to implement in the company. Overall, this creates better communication and decision making throughout the organization.
I would use the NIST CSF in order to gain a baseline for my company's risk assessment. From there I would use the roadmap from my current profile to my desired target profile in order to meet the cybersecurity risk management objectives already outlined for my company. Next I would use the implementation tiers as a gauge for the desired risk management practices aligned with my company's appropriate budget plan, requirements, and desired risk levels.