Industry Specific Profiles

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 7 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Welcome to less than 7.2 industry specific profiles.
00:05
So in this video we will cover reasons for industry specific profiles and guidance on specific industries from specific industries.
00:15
So with industry specific profiles, this is where organizations in a certain industry sector or with similar roles in the data processing ecosystem, they may coordinate to develop common profiles. So uh people that operate in finance may uh
00:32
create basically a common profile for those within the financial sector. Um The same could be said for manufacturing for healthcare, um or various other industries. Um And sometimes these could be developed by different governing or regulatory bodies for those industries that may put out guidance basically on how to build a profile that's tailored specific to the needs of people in those sectors.
01:03
So
01:03
I sort of mentioned before some of the reasons that you look to establish specific profiles, but here's some additional others. Um So an organization may make decisions about how to collect or use data about individuals. Um uh So they may use a profile to express privacy requirements to an external service provider.
01:23
Um So you know, if you know that you work um you know in an industry
01:26
um that may have very specific requirements. Um and there are various other people that sort of operate in the same space. Um Then there could be a specific profile put together to express those needs to external service providers, just the same way that there could be a specific profile for manufacturers,
01:49
um you know, that are put together to determine the capabilities to build into its into their products. So customers can meet privacy needs um of their end users. Um As well as a developer could use a target profile to consider how to design an application um that enables privacy protections when used with other organizations
02:08
system requirements. Um So like I said, besides industry um specific profiles, you could also see like process specific um profiles that come into play, especially if it's a specific process that could be geared toward different types of industries, um but they all have to do
02:30
to follow the same process, so it's something to look into um when you are looking to determine what framework to align with. Um it's definitely worth looking into if you do operate in any specific industry to see if one has been developed and sometimes they can be found
02:50
on this website.
02:52
Other times it may be through um a regulatory body um if you work in a regulated industry um like I said, such as healthcare or finance, um there could be something that has already been put together that you may be able to utilize
03:07
um and so some that I found that are out there when I just did my own research and preparation for this course. Um and it's a bit different because since this privacy framework is new, there haven't been any um
03:21
in the industry specific uh guidance that I found for the knicks privacy framework, but in my research I did find that there is formalized guidance based on this CSF, which is the security framework from this, that correlates with the privacy framework,
03:37
so it may be easy to look at that formalized guidance even though it's from a security perspective
03:42
and um
03:44
have it align with this privacy framework. As I mentioned, there are there is overlap between this CSF and then this privacy framework. Um so what you will find out there um you will see there is manufacturing guidance out there um formalized guidance based on the next CSF
04:02
as well as um Hipaa has put out guidance um from a health care perspective. Um hip and high trust basically regarding uh following the next CSF and how to tailor that for those that operate in the healthcare space.
04:20
And then there has been um some formalized guidance from finance perspective of how to tailor than this CSF for those in the financial sector, and I do have links for these resources um uh linking basically to this guidance um within the resources page for this course,
04:40
so please feel free to look at those
04:43
and for those people that may not be operating in these industries, feel free to take a look at it as well. There may be something beneficial or helpful that you can pull from as you're trying to figure out what possible um
04:56
functions or categories or subcategories, you may be looking to pull from what is great about looking at some of those different options. Sometimes they give a various guidance if you're looking to sort of fall from a basic level, they kind of pull out the functions categories and subcategories that you should be following if you're at this level, I guess depending on your size
05:17
and then if you're let at a medium sized level organization, um they'll show possibly additional um
05:26
functions categories or subcategories that you could be following and then taking it to very large organizations. So it can be fascinating to look at to see their approach to see the current and target profiles that they have put together based on that. So do feel free to check that out.
05:46
So in this video we covered industry specific reasons to establish profiles as well as formalized guidance for profiles based on the next CSF.
05:54
So I hope you'll join me as we move into the next module.
Up Next