Cybersecurity Framework Reflection

• What steps illustrate how an organization could use the Cybersecurity Framework to create or improve a cybersecurity program?,

• What key messages and ideas will you take away from this course?,

• What surprised you about the class?,

• What has changed in your opinion?,

• How might that move forward into your professional practice?,

Comprehensive General Answer

The NIST Cybersecurity Framework (CSF) provides organizations with a structured method to build or enhance their cybersecurity posture. To illustrate implementation, I would take the following steps:

1⃣ Identify Current State
Assess existing cybersecurity capabilities and risks, including assets, data sensitivity, and critical infrastructure dependencies (Lewis, 2020).
2⃣ Determine Target State
Define where the organization aims to be based on industry standards, threats, and regulatory requirements.
3⃣ Gap Analysis & Prioritization
Compare current conditions to target goals and prioritize actions by likelihood and impact of threats.
4⃣ Develop & Implement Action Plans
Apply appropriate controls across the framework’s core functions—Identify, Protect, Detect, Respond, Recover.
5⃣ Monitor, Evaluate, Improve
Cybersecurity needs continuous review, updating policies, training, and technologies as threats evolve.

Key Messages & Ideas Taken from the Course

A major takeaway is the recognition that critical infrastructure is deeply interconnected, meaning a vulnerability in one sector can cascade into others. The course emphasized that cybersecurity is not solely a technical function—it requires organizational policy, leadership engagement, and risk-informed decision-making (Lewis, 2020).

Another key message is the importance of defense in depth, integrating multiple layers of security to reduce single points of failure.

What Surprised Me

I was surprised by how much human behavior and organizational culture impact cybersecurity success. Technical controls alone are not enough — training and awareness are vital.

What Has Changed in My Perspective

I now better understand cybersecurity as a national security issue, not just an IT concern. Threats to power grids, healthcare networks, and communication systems can disrupt the entire nation.

Application to Professional Practice

Going forward, I would adopt a risk-driven mindset in my cybersecurity work. I plan to:

• Incorporate NIST CSF into organizational planning

• Promote continuous monitoring and improvement

• Advocate for stronger employee security awareness programs

This course reinforced that protecting critical infrastructure requires collaboration, vigilance, and proactive planning.

Reference — APA 7 Format

Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley.