Join Mike Chapple for an in-depth discussion in this video Privacy assessments, part of CompTIA Security+ (SY0-501) Cert Prep: 5 Risk Management.
- [Instructor] The U.S. federal government…uses a series of formal privacy assessments…for any systems involved in the handling…of personally identifiable information.…Anyone working with the federal government…will be required to follow these processes.…Security professionals and private industry…may not be required to use these processes…but may still learn from them and adapt them to their needs.…Privacy Threshold Analysis or PTAs are used to determine…whether a system contains or processes…personally identifiable information…in a manner that requires privacy control.…
When a system reaches the threshold specified in the PTA,…organizations must complete…a Privacy Impact Assessment or PIA…that dives into deeper detail to ensure that the system…meets privacy requirements.…The Privacy Threshold Assessment requires…that agencies answer a series of questions…about the types of information that the system will handle,…how the system is connected to other systems…and other technical and operational details.…
Here's an example of the PTA template…
Author
Mike Chapple
Released
12/1/2017- Security controls and policies
- Risk assessment and management
- Managing vendor relationships
- Social network security
- Security in the hiring process
- Measuring security education
- Business continuity planning and controls
- Preparing for incident response
- Network and software forensics
- Data security policies and roles
- Privacy assessments
Skill Level Beginner
Duration
Views
-
Introduction
-
Welcome1m 6s
-
-
1. Controls and Risks
-
Security controls6m 16s
-
Security policy framework4m 53s
-
Security policies5m 16s
-
Risk assessment5m 22s
-
Quantitative risk assessment6m 41s
-
Risk management3m 53s
-
-
2. Supply Chain Risk
-
Vendor agreements3m 40s
-
3. Personnel Management
-
Employee termination process2m 42s
-
4. Awareness and Training
-
Security education5m 17s
-
Compliance training3m 27s
-
User habits3m 20s
-
User-based threats2m 3s
-
-
5. Business Continuity and Disaster Recovery
-
Business continuity planning3m 27s
-
Business continuity controls3m 50s
-
Disaster recovery4m 26s
-
Backups9m 14s
-
Disaster recovery sites3m 26s
-
Testing BC/DR plans3m 42s
-
After action reports3m 12s
-
-
6. Incident Response
-
Security incidents3m 6s
-
Escalation and notification2m 42s
-
Incident mitigation2m 46s
-
Eradication and recovery2m 20s
-
-
7. Forensics
-
Conducting investigations4m 21s
-
Evidence types3m 51s
-
Introduction to forensics4m 24s
-
System and file forensics4m 26s
-
Network forensics4m 19s
-
Software forensics2m 52s
-
Embedded device forensics2m 50s
-
Chain of custody2m 13s
-
-
8. Data Security and Privacy
-
Understanding data security3m 13s
-
Data security policies5m 43s
-
Data security roles3m 8s
-
Data privacy4m 30s
-
Limiting data collection3m 19s
-
Privacy assessments3m 38s
-
-
Conclusion
-
Next steps39s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Privacy assessments