The CSF provides guidelines about how to reduce cybersecurity risks and recover from incidents. The Framework Core is grouped into five Functions: Identify, Protect, Detect, Respond, and Recover, which together can offer strategic insight into an organization’s lifecycle for cybersecurity risk management.
Organizations can create Current Profiles by leveraging their existing business drivers and risk assessment processes. They can then create Target Profiles based on their desired cybersecurity outcomes. The gap between their desired Target Profiles and their Current Profiles becomes subject to analysis for purposes of creating action plans.