One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1934314
Publication date 2020-09-22 11:00:00 (viewed: 2020-09-23 10:12:33)
Title Data privacy and data governance fundamentals of the NIST Privacy Framework
Text

As of January 16, the National Institute of Standards and Technology (NIST) published the first version of its privacy framework. Those familiar with NIST frameworks will already be accustomed to the way NIST presents control categories, controls, sub-controls, et cetera. This framework includes the following categories:

Identify
Govern
Control
Communicate
Protect

Some of these controls have corollaries in other frameworks, such as NIST's Cybersecurity Framework (CSF), but Govern, Control, and Communicate are completely new. Many of the controls under the familiar categories have changed as well. These controls provide guidance for organizations to create a strong privacy program, and one that can be integrated into existing cybersecurity operations. Privacy is quickly becoming a top concern for organizations across the board, both due to a shift in consumer interests and because of increased legal requirements. This framework is one of the first of its kind to help businesses understand what constitutes a good privacy program.

What's in the framework?

As noted above, this framework includes five control families that are broken out into individual categories and sub-categories. NIST also sprinkles in areas from other frameworks, such as the detection requirements from the CSF. The five categories can be summarized as follows:

Develop the understanding needed to effectively manage privacy risks.
Create an internal culture and corporate structure that support risk management and data governance.
Develop policies, procedures, and practices to effectively control and protect data.
Provide that communication channels are in place and regularly communicated, so that employees can ask questions and raise issues related to privacy and data management.
Implement technical, administrative, and physical controls to protect and maintain the integrity of data.

These five categories share similar themes with the rest of NIST's security standards, emphasizing how security and privacy can work hand in hand to create safer and more efficient workflows. Organizations should be sure to work with a certified privacy attorney when developing their privacy program, to provide that it meets all legal requirements.

How to use this framework

Within the framework, NIST provides guidance on how to use it either to create a new privacy program or to improve an existing one. The process is broken down into three steps:

Ready
The first step is to create an understanding of the organization, its mission, and the overall business environment. This environment includes things like risk tolerance, legal requirements, et cetera. This step is covered by the Identify and Govern functions. It is important that organizations focus on creating clear guidelines and values that are communicated to the staff. As with security, effective implementation of this framework requires the support and efforts of all employees.

Set
Once the foundation has been laid, the next step is to outline which categories and subcategories are already implemented, partially implemented, or not implemented at all. Informed by the values and requirements established in the first step, organizations can better prioritize the remaining controls for implementation. The second step should result in a clear plan that outlines the status of all controls and a prioritized schedule for implementing the remainder.

Go
The last step is the actual implementation of the action plan developed above. The categories can be implemented in any order, so the plan should be highly customized to meet the specific needs of the organization. As controls are implemented, the second step, ‘Set’, can and should be rep
Sent Yes


The article does not appear to have been republished after its publication.


The article does not appear to be a republication of an earlier one.