Breakdown of the NIST Privacy Framework

00:00

Welcome to less than 1.3 breakdown of this privacy framework

00:09

in this video, we're going to cover the privacy framework structure.

00:15

So then this privacy framework structure really has three components. It's the core profiles and the implementation tears.

00:23

And we're going to get into the core over the next several modules but we'll go more in depth into profiles and implementation tears in the later modules for this course.

00:37

So with the core, what you're looking at really is a granular set of activities and outcomes that really help an organization um have a dialogue about how to manage privacy risks.

00:48

So as we see on the picture here, you'll see that there really are three categories within or three. Um

00:56

you have the function the categories and subcategories. I don't want to use the word categories to describe it when one of the uh one of these sets really is the category.

01:07

So you have the five functionalities. And then within those five functionalities you have 18 categories. And then it breaks down even further to have 100 subcategories for each of those categories.

01:19

So really how this is set up is that within the identified function? Um There are certain categories that make up that function and then there are subcategories for those categories. So the five functions are identify, govern, control, communicate and protect

01:36

um those of you that may be taking this course that are have a cybersecurity background. Um as I mentioned before, that may be familiar with in this cyber security framework on this CSF. This layout may look familiar to you because you utilize the same concept of functions categories and subcategories.

01:55

So as we go through

01:57

Modules two through 6, we're actually going to go through each of these functions and their categories and subcategories.

02:08

So the second part of the framework structure are the profiles.

02:13

So the profiles are really, it's where a company is going to take specific functions categories and subcategories from the core

02:22

um and determine um really had to prioritize um those in order to help manage privacy risks.

02:30

So the profiles you'll learn when we get into the later module um is really going to break down into separate concept of uh two separate concepts of your current profile versus your target profile. So they're really going to be looking at the function categories and subcategories to chart out what their current target or

02:51

their current profile is, and that's really gonna show what are they actually doing now versus their target profiles, where they want to be. So they may take additional functions categories and subcategories to show what their target goal is. And we're going to get into later how to really do that.

03:08

But the profiles like that is just another part of the MS privacy structure

03:13

and how to really utilize the core um to help manage privacy risk within your business.

03:22

And the final framework structure of the MS privacy framework are the implementation tears. So there are 41 is partial to risk and form three repeatable and for adaptable.

03:34

And these are really going to support communication about whether an organization has sufficient processes or resources in place to manage privacy risk and achieve its target profile.

03:43

So really you're gonna take um each function, each category subcategory to really determine sort of what is the status of that um within your enterprise. So for instance, if you're looking at something for the identify function, a category or subcategory within the identified function

04:00

you're really trying to determine, especially if you're looking at a current profile, what is our current status with that? Are we in a partial

04:10

um implementation here where maybe we haven't done a lot of work but we've kind of started it and you're going to sort of look at everything from that specification and we're going to get into a later module of sort of what the criteria is for each of these implementation tears in order for you to help determine where your organization may fall.

04:30

So let's take a quick quiz before we move into the next video.

04:34

So true or false in this privacy framework profiles provide an increasingly granular set of activities and outcomes that enable an organizational dialogue about managing privacy risks.

04:46

one true to false.

04:48

I know you've got this

04:54

so the answer here is actually false. So

04:58

hopefully this wasn't too misleading. I did try to throw you off a little bit um but in the question it says the miss privacy framework profiles provide increasingly grain your set of activities. So if you remember correctly, it's the core that actually does that not the profiles the profiles are where you get into having your current and target profile

05:15

to determine where your enterprise currently sits in regards to privacy risk management

05:20

versus where they want to be.

05:23

So do you remember that? It's the core which breaks down into the five functions um 18 categories and 100 subcategories um to help you really build a framework for how you're going to manage your privacy risk.