NIST Privacy Framework

The NIST Privacy Framework courseprovides students with an understanding of how to implement privacy protections into their services and operations and products and handle and manage privacy risks. Although many security professionals are familiar with cybersecurity best practices, privacy issues can present different challenges based on products or services that potentially violate privacy, varying approaches to managing privacy risks, and an ever-changing regulatory landscape.

Prerequisites

Completion of Introduction to Data Privacy is a prerequisite for this course.

Course Goals

By the end of this course, students should be able to:

• Understand why the NIST Privacy Framework was developed and created
• Demonstrate knowledge of the NIST Privacy Framework Core
• Demonstrate knowledge of the NIST Privacy Framework Profiles
• Demonstrate knowledge of the NIST Privacy Implementation Tiers
• How to Adopt the NIST Privacy Framework (Ready, Set, Go) – Hypothetical Use Cases
• Compare the NIST Privacy Framework to other Privacy Frameworks

• Overview of the NIST Privacy Framework
• Introduction to the NIST Privacy Framework
• Why a Privacy Framework?
• Breakdown of the NIST Privacy Framework
• NIST Privacy Framework Core: Identify
• Inventory Mapping
• Business Environment
• Risk Assessment
• Data Processing Ecosystem Risk Management
• NIST Privacy Framework Core: Govern
• Governance Policies, Processes & Procedures
• Risk Management Strategy
• Awareness and Training
• Monitoring and Review
• NIST Privacy Framework Core: Control
• Data Processing Policies, Processes & Procedures
• Data Processing Management
• Disassociated Processing
• NIST Privacy Framework Core: Communicate
• Communication Policies, Processes & Procedures
• Data Processing Awareness
• NIST Privacy Framework Core: Protect
• Data Protection Policies, Processes & Procedures
• Identity Management, Authentication and Access Control
• Data Security
• Maintenance
• Protective Technology
• NIST Privacy Framework Profiles
• Profiles
• Industry Specific Profiles
• NIST Privacy Framework Implementation Tiers
• Implementation Tiers
• How to Adopt NIST Privacy Framework
• Ready, Set, Go
• Hypothetical Use Case #1
• Hypothetical Use Case #2
• Privacy Framework Comparisons
• Fair Information Practice Principles (FIPP)
• ISO 27701 and ISO 29100
• Generally Accepted Privacy Principles (GAPP)
• Secure Controls Framework Privacy Management Principles