Organizations can benefit from using this framework in a multitude of ways. It first helps a company establish the basis of how secure they would like to have the company against a cybersecurity risk. Once they have established a framework, companies can take a look into the organization and identify its needs. Even in the future, they can decide to orchestrate the framework to be more secure or to cut back in places where they think resources could be lessened. The framework displays a baseline for companies to see which tier their security measures align with. Once companies run the framework to see their standing, they can look into how each different category aligns. From this, companies can create a target profile that they strive for the system to improve to. This is great for companies that are expanding and seeing the need to increase security risk in a specific area. A company can repeat this cycle constantly by running the framework and creating a target profile to keep up with its changes as the company evolves.
In the future this framework would be extremely helpful in my workplace. It will allow me to constantly assess and reassess our risk management protocols to see if there are any needs for changes. I would first prioritize and scope the organization objectives. After the objectives have been identified, I will orient what we want to protect. This will lead me to create the current profile to show our baseline. I would then use the current profile and conduct a risk assessment. This risk assessment will help me create a target profile and where I want us to be among the different tiers. I will compare the current profile alongside the target profile to distinguish any gaps. This will lead me to create an action plan that I can apply to achieve the target profile.