The NIST Cybersecurity Framework

The NIST Framework is a set of guidelines that can help organizations secure their critical infrastructure and improve their ability to identify, prevent, detect, respond to, and recover from cyber incidents. Overall, the Framework is used for reducing and managing cybersecurity risks, which greatly benefits all organizations. Using this Framework helps organizations, no matter their size or focus, with their critical infrastructure and improves their cybersecurity risk management. The Framework is implemented differently based on the organization’s choice.

To implement this in my future job, I would first have to identify and categorize the different types of systems within my organization. I would take note of all the information types, information systems, assets, and specific responsibilities/roles of the individuals who manage them. I would also log what each system’s intended use is and how it connects to others. Next, I would select which security controls need to be implemented and used as technical safeguards for the organization’s identified systems. Then, those selected security controls are implemented in their respective systems. Each control must describe how it is employed in its specific system of operation. These controls will then be used to both posture and benchmark the success of the organization’s cybersecurity initiatives. The implemented security controls then need to be assessed. Depending on the specific devices and systems, the controls must be implemented appropriately. The organization’s stakeholders then must grant permission to authorize the information systems, ensuring everyone is on the same page. Authorization of information systems requires you to report system control operational success and determine whether the present risks are permissible to the organization. The final step in implementing the Framework is to continually monitor and update the systems. The system will continuously evolve along with technologies and threats. Breaches can happen at any time; ensuring that my organization has the right protocol in place will help with responding properly to a detected cybersecurity threat. Lastly, if my organization were impacted by a cybersecurity incident, it would be important to restore all assets and operations that were affected.
