The NIST Cybersecurity Framework is a great resource for businesses to use in order to address and manage cybersecurity risks in a cost-effective way. Government agencies, businesses, and organizations do not need to utilizie the NIST framework and can still mitigate risks (NIST, 2020). There are many different cybersecurity frameworks availabie to use. Some of these cybersecurity frameworks include (Mutune, 2019):
- IASME governance
- ISO 27001/ISO 27002
- SOC 2
- CIS v7
I don’t believe that an organization would be able to effectively mitigate risks without the utilization of a cybersecurity framework. They might be able to mitigate a few things, but they would be unable to mitigate a majority of cybersecurity risks without a framework.
Mutune, G. (2019, September 18). 23 Top Cybersecurity Frameworks. Retrieved November 17, 2020, from https://cyberexperts.com/cybersecurity-frameworks/
NIST. (2020, October 23). Cybersecurity Framework. Retrieved November 17, 2020, from https://www.nist.gov/cyberframework