Secure Controls Framework Privacy Management Principles

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
4 hours 7 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Welcome to less than 10.4 secure controls framework privacy management principles
00:06
in this video. We'll cover the overview of the secure controls framework privacy management principles. We look at the secure controls framework privacy management principles, mapping
00:16
And we'll look at the secure controls framework privacy management principles 11 domains, as well as an excerpt of secure controls framework privacy management principles matrix.
00:28
So here we have our grid comparing this privacy framework to secure controls. Framework privacy management principles using the four different elements that I've used, which is the governing body, the correlating security framework, the controls and the maturity model.
00:44
So as we know that this privacy framework is governed by Nist, the National Institute of Standards and Technology, whereas the secure controls framework is governed by
00:55
the secure control Framework Council and its security and privacy by design initiatives. So it's a group of volunteers um from security and privacy um that basically created uh this framework as well as the correlating uh security frame with the secure control framework that
01:14
um this is based on
01:15
um and as we know, the correlating security framework for this privacy framework is in this cyber security framework
01:23
um as far as controls furnace, there are five functions, 18 categories and 100 subcategories. Whereas the secure controls framework privacy management principles has 11 domains and 76 principles that fall under each of those 11 domains. Um As far as the maturity model,
01:41
this privacy framework falls for implementation tears,
01:44
one partial to risk informed through repeatable and for adaptive.
01:49
And then finally, um for the maturity model for secure controls framework privacy management principles, there are six maturity levels, so you have not performed performed informally planned and tracked. Well defined, quantitatively controlled and continuously improving.
02:09
So one thing to point out with secure controls framework privacy management principles um is the reason that they did develop this is because they knew it would be very difficult for people um with a non legal background to try to comb through and call through all the different frameworks and laws and regulations
02:29
um to really sort of identify um
02:34
you know, and do a true comparison. Uh So what they did was they looked at a lot of the leading um frameworks that were out there that were out there and Prince privacy management principles um and map to those so that if you're choosing to follow the secure controls framework
02:53
in a sense, it is almost like you're following and adhering to these other ones, if you are compliant
02:59
and are enacting these controls within your organization. So you can see that they map to the G D P R. We see the Fair Information Practice principles on here, which means more than likely those 11 domains may be pretty similar to the Fair information practice principles. We also see the generally accepted privacy principles here as well as the HIPAA privacy rule.
03:20
We even see 27 701 and 29 100 here missed 853. And it does even including this privacy framework. So you see here they map to a lot of different frameworks and even some regulations um which means this could be pretty valuable for a company that maybe
03:38
operating in a lot of different regions around the world and have to adhere to a lot of different privacy frameworks because we even see that um a I C P A s trust services criteria is on here as well as the ASIA pacific Economic Cooperation. So there's a lot going on here, even CCP A um that may make this a viable option for some companies to use as their
04:01
privacy framework.
04:04
So the 11 domains um for the secure controls framework, privacy management principles are number one privacy by design to data subject participation, three limited collection and use for transparency. Five Data life cycle management,
04:25
six data subject rights,
04:27
seven security by design, eight incident response, nine risk management, 13th party management and 11 business environment.
04:34
And so as again, once again, now that we've gone through the fair information practice principles and the general accepted privacy principles as well as even the eye. So 29 100 principles um like I said, you do start to see a lot of overlap. A lot of
04:50
Similar principles from each one. And like I said, a lot of them took their cue from the codification of the fair information practice principles um way back in the 1980s. And so like I said, you do see a lot of them having the same principles throughout. Like I said, we see privacy by design, we see
05:10
collection and use
05:12
um you do see, you know, security listed here as well as data subject rights. Um And like I said, you even see how this ties into um the regulations um that spawned a lot of these same elements from the CCP A and G D P R that I've mentioned previously.
05:30
So here I wanted to give an excerpt sort of of their matrix. Um and so focusing on the darker gray area where it says 2.0, data subject participation was one of the 11 domains we saw on the previous screen. And so it gives a description here um of that particular principle.
05:48
And then as it goes into 2.1,
05:51
you see uh one of the principles that falls under that domain. Um so we see a clear choices is one that falls under data subject participation and it gives basically a description of that particular principle. Um So then what you're looking at in the yellow area
06:11
um is how it maps to these different frameworks and regulations. So it's actually giving you article numbers
06:16
or clauses or different sections of another framework or regulation that it's mapping to so that you can easily um go to those sections in those documents to see um what the description says or what the requirements are. And you would actually be meeting them since it's basically mapping back to that.
06:35
Um So I said this is definitely on the higher end for someone to consider, since it does map to all the frameworks that we've covered, including Nist and um actually some regulations we saw C C P A and G D P R um so I have included the link
06:51
for the secure controls framework in the resources section.
06:56
Please check it out. They do have a lot of documentation and help to assist you should this be one that you're choosing to adopt and it is free, just like the knicks privacy framework. As you can see from our comparisons right now, the only one of the that is a true cost because it is a standard and not a framework was I so
07:15
27 701 and I saw a 29 100.
07:18
And so that does have a cost because also you would get certified to ISO whereas the other frameworks that we looked at are just that frameworks that can be tailored to um how your organization um is choosing to operate.
07:33
So in this video we covered the miss privacy framework and the secure controls. Framework, privacy management principles comparison. Uh We looked at the secure controls framework, privacy management principles mapping and the 11 domains. And then we reviewed an excerpt of the secure controls framework privacy management principles Matrix.
07:53
So I hope you've enjoyed this course
07:55
um and do know that before you can get your certificate of completion, um that there is an assessment that you will need to complete, but I hope you've enjoyed this course. I thank you for taking it and please do reach out to me. Should you have any comments or questions?