Organizations can gain a number of benefits from using the NIST Framework. It can be a great tool for identifying gaps in an organization’s own process for assessing risk, and can be used to incorporate improvements. It can also be used as the foundation for creating an entirely new process.
To use this framework at my future workplace, I would start by asking myself what potential cybersecurity risks I foresee, depending on my organization’s specific mission and needs. I would then review the risk deterrent process that is already in place and compare it to all aspects of the Framework Core and its categories/subcategories. Finally, I would develop a Framework Profile based on these categories/subcategories and address any areas for improvement.