One organization might decide to implement the Framework tiers to outline desired risk management techniques. Framework can be used to discover opportunities to strengthen and convey its management of cybersecurity risk while aligning with industry practices. Another organization may utilize the Framework’s five Functions to assess its overall risk management portfolio.  An organization without a cybersecurity program in place can utilize the Framework as a guide to create one. Framework core has the ability to Identify, Protect, Detect, Respond, and Recover. By organizing information, facilitating risk management decisions, mitigating risks, and improving by gaining knowledge from past mistakes, they assist an organization by expressing its management of cybersecurity risk.

For my future workplace I would implement a Current Profile so that my workplace can assess how well they are accomplishing the objectives set in the Core Categories and Subcategories, aligned with the five high-level Functions: Identify, Protect, Detect, Respond, and Recover. I could also utilize the Framework to give interdependent stakeholders a consistent language to discuss requirements. Or I may use framework to make sure a new product or service fulfills important security requirements.