Hello everyone!
I think organizations can gain a lot from using the NIST Cybersecurity Framework because it gives them a clear, flexible way to understand and manage cybersecurity risks without having to start completely from scratch. One of the biggest benefits is that it helps align cybersecurity activities with business goals, which makes it easier to prioritize efforts, improve resilience, and communicate risk across different teams. Whether a company already has a mature cybersecurity program or is just getting started, the Framework can be adapted to fit its unique needs, size, and risk level.
In my future workplace, I would most likely use the Framework as a roadmap to assess where we stand (the “Current Profile”) and define where we want to be (the “Target Profile”). From there, I would use it to guide our security planning and investment decisions, especially using the five core functions (Identify, Protect, Detect, Respond, Recover) to structure the day-to-day activities. I think that it is also a great tool for increasing collaboration between IT, leadership, and compliance teams by creating a common language around cybersecurity.
-Tatiayna S.