Assessing the Effectiveness of the NIST Cybersecurity Framework

            In today’s digital environment, a single cyberattack can shut down a hospital, stop business, or leak sensitive personal information. That is why the NIST Cybersecurity Framework (CSF) is an important tool. It helps organizations understand and manage their cybersecurity risks. This paper explains how to assess the CSF’s effectiveness by looking at expert opinions, possible policy changes, and the ethical, political, and social sides of the framework.

            Many experts have shared their views about how the CSF works. Rejeb et al. (2024) say the CSF helps organizations improve how they manage risks and increases awareness about cybersecurity. This is especially useful in healthcare. The CSF is flexible and not mandatory, which makes it easier for different organizations to use it in a way that works for them. Aljawarneh et al. (2023) agree and explain that the CSF has five main steps: Identify, Protect, Detect, Respond, and Recover. These steps provide organizations with a clear and simple way to manage cybersecurity.

            Another study by Gungor and Kose (2024) talks about how CSF helps both government and private organizations create better cybersecurity plans. They like that the CSF is easy to follow and receives regular updates. But they also point out a problem: many small businesses do not have enough people or money to use the CSF fully. This study shows that while CSF works well for big organizations, smaller ones might need more help.

            There are three useful ways to assess the CSF. First, determine how many small and large organizations are using it and whether it is helping them. Second, compare the number of cyberattacks and response times before and after adopting the CSF. This comparison will show whether it makes a difference. Third, see whether the CSF helps people continue learning and improving as threats change. It is also important to gather feedback from users of the CSF. Their experiences can tell us whether the CSF is practical and easy to use.

            These ideas also suggest some policy changes. If small businesses are struggling to use CSF, the government could consider providing them with additional support or creating a simpler version of the framework. CSF training could be added to job programs or taught in schools. That way, more people would know how to use it and be ready for cybersecurity jobs. Another possible recommendation is to offer financial grants or tax credits to small businesses that commit to using the CSF. Such measures would encourage adoption and strengthen national cybersecurity.

            The CSF also affects people in other ways. Ethically, it helps protect private information. Politically, it supports teamwork between the government and private companies. Socially, it helps organizations protect the public and make the internet safer. Previous papers have shown that the CSF helps keep a balance between safety and privacy. But for it to be fair, all organizations need access to the tools and training to use it well. Overall, my earlier papers showed how the CSF supports both security and fairness, and this paper builds on that by showing where improvement is still needed.

            In conclusion, the CSF is not perfect, but it offers many benefits. It is clear, flexible, and helps people continue learning. With the right support and updated policies, CSF can help many organizations build stronger cybersecurity. It can also make the digital world safer for everyone, not just companies or governments, but for everyday people too.

References

Rejeb, A., Keogh, J. G., Treiblmaier, H., Zailani, S., & Rejeb, K. (2024). Enhancing Cybersecurity Risk Management Through the NIST Framework: A Healthcare Perspective. arXiv. https://arxiv.org/pdf/2404.11473

Aljawarneh, S., Alsarhan, A., & Aldwairi, M. (2023). Cybersecurity risk assessment using the NIST Cybersecurity Framework. Electronics, 14(7), 1364. https://www.mdpi.com/2079-9292/14/7/1364

Gungor, O., & Kose, U. (2024). Cybersecurity and the NIST framework: An implementation review. International Journal of Advanced Computer Science and Applications, 16(6). https://thesai.org/Downloads/Volume16No6/Paper_72Cybersecurity_and_the_NIST_Framework.pdf

National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
