Glossary
NIST Privacy Framework
Created By: Jay James, Teaching Assistant
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
12. Data lifecycle – the lifecycle of data, comprising the steps: data creation, storage management,
data use and role-based security, shared data, archive data, and permanently destroy
data.
13. Data Processing Awareness Category – Individuals and organizations have reliable
knowledge about data processing practices and associated privacy risks, and effective
mechanisms are used and maintained to increase predictability consistent with the
organization’s risk strategy to protect individuals’ privacy.
14. Data Processing Ecosystem – the complex and interconnected relationships among
entities involved in creating or deploying systems, products, or services or any
components that process data
15. Data Processing Ecosystem Risk Management Category – The organization’s
priorities, constraints, risk tolerance, and assumptions are established and used to
support risk decisions associated with managing privacy risk and third parties within the
data processing ecosystem. The organization has established and implemented the
processes to identify, assess, and manage privacy risks within the data processing
ecosystem.
16. Data Processing Management Category – data are managed consistent with the
organization’s risk strategy to protect individuals’ privacy, increase manageability, and
enable the implementation of privacy principles
17. Data Processing Policies, Processes, and Procedures Category – Policies,
processes, and procedures are maintained and used to manage data processing
consistent with the organization’s risk strategy to protect individuals’ privacy.
18. Data Protection Policies, Processes, and Procedures Category – security and
privacy policies, processes, and procedures are maintained and used to manage the
protection of data.
19. Data Security Category – data are managed consistent with the organization’s risk
strategy to protect individuals’ privacy and maintain data confidentiality, integrity, and
availability
20. Disassociability – a privacy engineering objective which enables the processing of data
or events without association to individuals or devices beyond the operational
requirements of the system.
21. Disassociated Processing Category – Data processing solutions increase
disassociability consistent with the organization’s risk strategy to protect individuals’
privacy and enable implementation of privacy principles.
22. Failsafe (2) – a design feature or practice that, in the event of a specific type of failure,
inherently responds in a way that will cause no or minimal harm to other equipment, to
the environment, or to people.
23. Fair Information Practice Principles – a set of principles and practices that describe
how an information-based society may approach information handling, storage,
management, and flows with a view toward maintaining fairness, privacy, and security in
a rapidly evolving global technology environment.
24. Generally Accepted Privacy Principles (GAPP) – a framework intended to assist
Chartered Accountants and Certified Public Accountants in creating an effective privacy
program for managing and preventing privacy risks.
25. Go (Ready, Set, Go Method) – “Go” forward with implementing the action plan
26. Govern – Develop and implement the organizational governance structure to enable an
ongoing understanding of the organization’s risk management priorities that are informed
by privacy risk.
27. Governance Policies, Processes, and Procedures Category – The policies,
processes, and procedures to manage and monitor the organization’s regulatory, legal,
risk, environmental, and operational requirements are understood and inform the
management of privacy risk.
28. Hot Swap – the replacement or addition of components to a computer system without
stopping, shutting down, or rebooting the system.
29. Identify-P (ID-P) – Develop the organizational understanding to manage privacy risk for
individuals arising from data processing
30. Identity Management Authentication and Access Control Category – access to data
and devices is limited to authorized individuals, processes, and devices and is managed
consistent with the assessed risk of unauthorized access
31. Implementation Tiers – support communication about whether an organization has
sufficient processes and resources in place to manage privacy risk and achieve its
Target Profile
32. Implementation Tiers – Tiers including partial, risk informed, repeatable, and adaptive.
The four elements of the tiers include a privacy risk management process, integrated
privacy risk management program, data processing ecosystem relationships, and
workforce.
33. Industry Specific Profiles – organizations in a certain industry sector or with similar
roles in the data processing ecosystem may coordinate to develop common profiles
34. Integrity (CIA Triad) – representing that data cannot be modified
35. Inventory and Mapping Category – data processing by systems, products, or services
is understood and informs the management of privacy risk.
36. ISO 27701 – international standard on how to manage information security.
37. ISO 29100 – provides a high-level framework for the protection of personally identifiable
information (PII) within information and communication technology (ICT) systems.
38. Load Balancing – the process of distributing network traffic across multiple servers to
ensure no single server bears too much demand
39. Maintenance Category – System maintenance and repairs are performed consistent
with policies, processes, and procedures
40. Monitoring and Review – The policies, processes, and procedures for ongoing review
of the organization’s privacy posture are understood and inform the management of
privacy risk
41. NIST PRAM Worksheet #1 – worksheet that frames organizational objectives and
privacy governance.
42. NIST Privacy Framework (1) – voluntary tool developed in collaboration with
stakeholders intended to help organizations identify and manage privacy risk to build
innovative products and services while protecting individuals’ privacy.
43. Principle of Least Functionality – configure systems to provide only essential
capabilities, restrict certain “functions, protocols, ports and services”, and limit
component functionality to a single function
44. Principle of Least Privilege – Allowing only authorized accesses for users which are
necessary to accomplish assigned tasks in accordance with organizational missions and
business functions
45. Prioritizing Risks – given the applicable limits of an organization’s resources,
organizations prioritize the risks to facilitate communication about how to respond.
46. Privacy Framework Core – provides an increasingly granular set of activities and
outcomes that enable an organizational dialogue about managing privacy risk. (5
functions, 18 Categories, and 100 subcategories)
47. Privacy Framework Profiles – are a selection of specific functions, categories and
subcategories from the core that an organization has prioritized to help it manage
privacy risk
48. Privacy Policy (Components) – includes the components on what data is collected and
how, how the data is used, how the data is stored and protected, company contact
information, use of cookies, and opt-out policy clause
References
1. https://www.nist.gov/privacy-framework
2. https://www.envirotech-online.com/news/gas-detection/8/net/is-your-sensor-fail-safe/46125