Course Description

The NIST Privacy Framework is designed to help organizations:

  • Identify, assess, manage, and communicate privacy risks
  • Develop innovative approaches to protect individuals’ privacy
  • Increase trust in products and services
  • Have a tool that would assist with enterprise privacy risk management

Process-oriented privacy principles (such as the Fair Information Practice Principles) are an important component of an overall privacy strategy, but on their own have not achieved consistent and measurable results in privacy protection. In the security field, risk management models, along with technical standards and best practices, are key components of improving security. The NIST Privacy Framework applies successful security methodology, with clearly stated objectives and measurable outcomes, to the protection of privacy.

The Privacy Framework incorporates standards, frameworks, models, methodologies, tools, guidelines, and principles utilized by organizations to identify, assess, manage, and communicate privacy risk at the management, operational, and technical levels. The Framework is compatible with existing legal and regulatory regimes, and the healthcare industry will find it useful in meeting the compliance requirements of the HIPAA Privacy Rule. Because the Privacy Framework is designed to integrate with the NIST Cybersecurity Framework, healthcare organizations may combine the Cybersecurity and Privacy Frameworks to incorporate compliance with HIPAA’s Security and Privacy Rules into the Enterprise Risk Management program.

Participants will be able to:

  • Recognize the primary sources for current privacy management practices
  • Discuss the relationship between privacy and security risks
  • Compare and contrast NIST’s Cybersecurity and Privacy Frameworks
  • Describe the structure and purpose of the NIST Privacy Framework
  • Understand how to use the NIST Privacy Framework in their organizations

Course Curriculum

  • 1
    • Presentation


IT Security Specialist, NIST

Nakia Grayson

Nakia supports the NIST Privacy Engineering Program with development of privacy risk management best practices, guidance and communications efforts. She also leads Supply Chain Assurance project efforts at the National Cybersecurity Center of Excellence and serves as the Contracting Officer Representative for NIST cybersecurity contracts. She earned her MBA and MS in Information Technology, Information Assurance and Business Administration from the University of Maryland University College.

Managing Principal & Founder, Cyber Tygr

Karen Greenhalgh

Karen has extensive experience managing HIPAA and NIST-CSF requirements within medical centers and is an ISC2 certified Healthcare Information Security & Privacy Practitioner (HCISPP). She has combined this knowledge with her successful entrepreneurial history to establish Cyber Tygr, a corporation focused on providing economical healthcare cybersecurity and privacy solutions.