Framework is constantly evolving and self-correcting certain flaws on its own. It can be difficult to block everything security wise because the people trying to infiltrate are typically a couple of steps ahead, but a self-updating system is a good thing to have. I also like the idea of “Framework Profiles” and how they can be in the current state or in a target state. To me it seems like you can take care of current issues and also look ahead to where you want things to be. The tier system for risk management also seems like something that is very useful. I would use it in my future workplace to differentiate what levels of leadership have access to certain things within the company. The Intergrated risk program seems like the most useful to me.