Breakdown of the NIST Privacy Framework

4 hours 7 minutes
Video Transcription
Welcome to Lesson 1.3, Breakdown of the NIST Privacy Framework.
In this video, we're going to cover the Privacy Framework structure.
So the NIST Privacy Framework structure really has three components. It's the core, profiles, and the implementation tiers.
And we're going to get into the core over the next several modules, but we'll go more in depth into profiles and implementation tiers in the later modules for this course.
So with the core, what you're looking at really is a granular set of activities and outcomes that really help an organization um have a dialogue about how to manage privacy risks.
So as we see on the picture here, you'll see that there really are three categories within, or three, um, you have the function, the categories, and subcategories. I don't want to use the word categories to describe it when one of the, uh, one of these sets really is the category.
So you have the five functionalities. And then within those five functionalities you have 18 categories. And then it breaks down even further to have 100 subcategories for each of those categories.
So really how this is set up is that within the Identify function, um, there are certain categories that make up that function, and then there are subcategories for those categories. So the five functions are Identify, Govern, Control, Communicate and Protect.
Um, those of you that may be taking this course that have a cybersecurity background, um, as I mentioned before, that may be familiar with the NIST Cybersecurity Framework, or NIST CSF, this layout may look familiar to you because you utilize the same concept of functions, categories and subcategories.
So as we go through Modules 2 through 6, we're actually going to go through each of these functions and their categories and subcategories.
So the second part of the framework structure are the profiles.
So the profiles are really, it's where a company is going to take specific functions, categories and subcategories from the core, um, and determine, um, really how to prioritize, um, those in order to help manage privacy risks.
So the profiles, you'll learn when we get into the later module, um, is really going to break down into separate concept of, uh, two separate concepts of your current profile versus your target profile. So they're really going to be looking at the function, categories and subcategories to chart out what their current target or their current profile is, and that's really gonna show what are they actually doing now versus their target profiles, where they want to be. So they may take additional functions, categories and subcategories to show what their target goal is. And we're going to get into later how to really do that.
But the profiles, like that, is just another part of the NIST privacy structure and how to really utilize the core, um, to help manage privacy risk within your business.
And the final framework structure of the NIST Privacy Framework are the implementation tiers. So there are four: one is partial, two risk informed, three repeatable, and four adaptable.
And these are really going to support communication about whether an organization has sufficient processes or resources in place to manage privacy risk and achieve its target profile.
So really you're gonna take, um, each function, each category, subcategory to really determine sort of what is the status of that, um, within your enterprise. So for instance, if you're looking at something for the Identify function, a category or subcategory within the Identify function, you're really trying to determine, especially if you're looking at a current profile, what is our current status with that? Are we in a partial, um, implementation tier where maybe we haven't done a lot of work but we've kind of started it, and you're going to sort of look at everything from that specification, and we're going to get into a later module of sort of what the criteria is for each of these implementation tiers in order for you to help determine where your organization may fall.
So let's take a quick quiz before we move into the next video.
So true or false: the NIST Privacy Framework profiles provide an increasingly granular set of activities and outcomes that enable an organizational dialogue about managing privacy risks.
One, true. Two, false.
I know you've got this.
So the answer here is actually false. So hopefully this wasn't too misleading. I did try to throw you off a little bit, um, but in the question it says the NIST Privacy Framework profiles provide increasingly granular set of activities. So if you remember correctly, it's the core that actually does that, not the profiles. The profiles are where you get into having your current and target profile to determine where your enterprise currently sits in regards to privacy risk management versus where they want to be.
So do you remember that? It's the core, which breaks down into the five functions, um, 18 categories and 100 subcategories, um, to help you really build a framework for how you're going to manage your privacy risk.
So in summary, in this video, we covered the core, which includes the five functions, 18 categories and 100 subcategories. We talked a little bit about the profiles, current versus target, and then went through the four implementation tiers, which were partial, risk informed, repeatable and adaptable. I hope you'll join me as we move into Module 2.