What does NIST Cybersecurity Framework Mean to Industry?

Information security breaches threaten national security, the economy, and the health and safety of the public at large, making cybersecurity one of the hottest topics on the minds of industry leaders, IT professionals, and consumers today. A cybersecurity breach can directly impact a company's revenue, not only through direct financial loss but also through liability exposure and reputational damage, and it can severely hamper innovation and growth.

In 2014, at the direction of the President, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework, one of the more significant documents to begin to address the threat of breaches across the cyber net that covers our critical public and private infrastructure.

The Framework provides organization and structure to today's multiple approaches to cybersecurity by assembling standards, guidelines, and practices that work effectively in industry today, the most prominent and global standard being ISO/IEC 27001. “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes.” (NIST, Cybersecurity Framework, 2/12/14.)

Please join us as we discuss how ISO/IEC 27001 is structured to facilitate the process of evaluating and implementing the Framework and the positive impact it can have on industry.

Participants will develop an understanding of:

  • Overview of the NIST Framework
  • The Framework's structure and requirements
  • The NIST Framework's harmonization with international efforts and standards
  • Using ISO/IEC 27001 for evaluating an organization against the Framework, addressing gaps, and implementing the controls


Matthew Smith is a technical lead at the innovation center G2 Inc, located in Annapolis Junction, MD. Matthew has been working with NIST on the Cybersecurity Framework for over 2 years, with a focus on implementation. Over the last 18 months, Matthew has been leading a team of contractors and government employees to fulfill portions of Presidential Executive Order 13636. Matthew has worked in the cybersecurity space for the last 5 years, covering network defense, intrusion detection, and big data analytics.

John DiMaria is the ISO Product Manager for BSI Group America Inc. He has 28 years of successful experience in Management System Development, including Information Systems, and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Group America, Inc. regarding all product standards covering Risk, Quality, Sustainability and Regulatory Compliance.