
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively

PECB

In today's rapidly evolving digital landscape, the integration of artificial intelligence (AI) in business processes is becoming increasingly essential. Hence, it is crucial to stay informed and prepared. Amongst others, the webinar covers:

• ISO/IEC 27005 and ISO/IEC 27001 and their key components
• The standards' alignment
• Identifying AI risks and vulnerabilities
• Implementing effective risk management strategies

Presenters:

Sabrina Feddal
With more than 16 years of background in operational security and telco, as an engineer and project manager for major international companies, I founded Probe I.T in 2016 to provide my customers (both national and international) with GRC services. Winner of the 2020 jury's favorite award of CEFCYS (the main French women-in-cybersecurity association), she remains committed on a daily basis to maintaining diversity, including gender diversity, in her teams. Passionate about law, history and cybersecurity. She holds several professional certifications acquired over the course of her career: PRINCE2, CISSP, ISO 27001 Lead Implementer, Risk Manager, and a university degree in Cybercrime and Digital Investigation. Her values: excellence, discretion, professionalism.

Mike Boutwell
Mike Boutwell is a Senior Information Security Specialist with over 15 years of experience in security and 10 years of risk management experience, primarily focused on financial services. He excels in collaborating with CISOs and other executive leadership to build and implement security frameworks aligned with business objectives and to develop enterprise-wide security requirements. Mike has a strong track record of securing assets worth over $1 quadrillion and delivering $100M+ projects. Mike is a certified CISSP, CISA, CGEIT, ISO 27001 Senior Lead Implementer, ISO 27001 Senior Lead Auditor, ISO 38500 Senior Lead IT Governance Manager, ISO 27032 Senior Lead Cyber Security Manager, and Certified Non-Executive Director.

Date: November 22, 2023
Tags: ISO, ISO/IEC 27001, ISO/IEC 27005, Cybersecurity, Information Security

-------------------------------------------------------------------------------
Find out more about ISO training and certification services:
Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 (ISO/IEC 27005 Information Security Risk Management - EN | PECB)
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/TtnY1vzHzns

ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
Agenda
▪ AI Use Cases
▪ ISO/IEC 27001 and ISO/IEC 27005 approach to managing risks
▪ Focus on the AI Threat Model
▪ ISO/IEC 27001 controls relevant to managing AI risks
▪ Q&A
Artificial Intelligence – General use cases
A technology impacting a wide range of sectors of society:
▪ Healthcare and medicine
▪ Finance
▪ Automotive and transportation
▪ Retail and e-commerce
▪ Manufacturing and production
▪ Education
▪ Entertainment and media
▪ Customer service
▪ Agriculture
▪ Cybersecurity
▪ Legal and law enforcement
▪ Space exploration
AI Use Cases
Day-to-day examples
▪ Application development
  ▪ Developers building AI applications
▪ Office automation / shadow IT
  ▪ Employees using AI SaaS applications to perform and/or help achieve their activities (document creation and manipulation): shadow IT, data leakage, output prompt
▪ Cyber weapons
  ▪ Attackers using AI capabilities to build cyber weapons (vulnerability detection and exploitation, deepfake capability), with side effects on schools, blackmailing of people, and social engineering
AI Use Cases
Practical examples
▪ AI-based OCRs / document readers
  ▪ Automating data extraction from scanned documents
  ▪ Manipulated inputs leading to incorrect data
  ▪ Lack of controls on extracted data, leading to a data breach
▪ AI-powered assistants (MS Copilot / ChatGPT)
  ▪ Base workstation compromised
  ▪ Hierarchical access control problems; inadequate security controls on file systems
  ▪ No assurance that Microsoft and others do what they claim
▪ AI in cybersecurity tools
  ▪ Generation of false positives: wasted resources, or real threats ignored

Discussing the new Competence Framework for project managers in the built env...Association for Project Management
 
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...Katherine Villaluna
 
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdf
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdfA Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdf
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdfOH TEIK BIN
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxdeputymitchell2
 
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...SUMIT TIWARI
 
Healthy Habits for Happy School Staff - presentation
Healthy Habits for Happy School Staff - presentationHealthy Habits for Happy School Staff - presentation
Healthy Habits for Happy School Staff - presentationPooky Knightsmith
 
Andreas Schleicher_ Strengthening Upper Secondary Education in Lithuania
Andreas Schleicher_ Strengthening Upper Secondary  Education in LithuaniaAndreas Schleicher_ Strengthening Upper Secondary  Education in Lithuania
Andreas Schleicher_ Strengthening Upper Secondary Education in LithuaniaEduSkills OECD
 
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxBBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxProf. Kanchan Kumari
 
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...EduSkills OECD
 
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...SABC News
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.Florence Dayana
 
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?Can Brain Science Actually Help Make Your Training & Teaching "Stick"?
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?Aggregage
 
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdfAynouraHamidova
 
Brochure-Project-tryve-elementary-dept..docx
Brochure-Project-tryve-elementary-dept..docxBrochure-Project-tryve-elementary-dept..docx
Brochure-Project-tryve-elementary-dept..docxAnnaLizaTadeo1
 

Recently uploaded (20)

spring_bee_bot_creations_erd primary.pdf
spring_bee_bot_creations_erd primary.pdfspring_bee_bot_creations_erd primary.pdf
spring_bee_bot_creations_erd primary.pdf
 
Mycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with MorganMycology Update February 2024 Microbes with Morgan
Mycology Update February 2024 Microbes with Morgan
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
Organic Synthesis and Estimation of Functional Groups
Organic Synthesis and Estimation of Functional GroupsOrganic Synthesis and Estimation of Functional Groups
Organic Synthesis and Estimation of Functional Groups
 
Digital Footprints to Career Pathways - Building a Strong Professional Online...
Digital Footprints to Career Pathways - Building a Strong Professional Online...Digital Footprints to Career Pathways - Building a Strong Professional Online...
Digital Footprints to Career Pathways - Building a Strong Professional Online...
 
Kartik Nair In Media Res Media Component
Kartik Nair In Media Res Media ComponentKartik Nair In Media Res Media Component
Kartik Nair In Media Res Media Component
 
Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...Discussing the new Competence Framework for project managers in the built env...
Discussing the new Competence Framework for project managers in the built env...
 
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...
Practical Research 1, Lesson 5: DESIGNING A RESEARCH PROJECT RELATED TO DAILY...
 
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdf
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdfA Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdf
A Free eBook ~ Mental Exercise ...Puzzles to Analyze.pdf
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...
Bilingual notes of Pharmacognosy chapter 4Glycosides, Volatile oils,Tannins,R...
 
Healthy Habits for Happy School Staff - presentation
Healthy Habits for Happy School Staff - presentationHealthy Habits for Happy School Staff - presentation
Healthy Habits for Happy School Staff - presentation
 
Andreas Schleicher_ Strengthening Upper Secondary Education in Lithuania
Andreas Schleicher_ Strengthening Upper Secondary  Education in LithuaniaAndreas Schleicher_ Strengthening Upper Secondary  Education in Lithuania
Andreas Schleicher_ Strengthening Upper Secondary Education in Lithuania
 
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptxBBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
BBA 603 FUNDAMENTAL OF E- COMMERCE UNIT 1.pptx
 
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...
Managing Choice, Coherence and Specialisation in Upper Secondary Education - ...
 
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...
MEC MAJUBA SADDENED BY THE PASSING AWAY OF THREE TEACHERS FOLLOWING A CAR ACC...
 
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdfDr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
Dr.M.Florence Dayana-Cloud Computing-Unit - 1.pdf
 
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?Can Brain Science Actually Help Make Your Training & Teaching "Stick"?
Can Brain Science Actually Help Make Your Training & Teaching "Stick"?
 
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
11 CI SINIF SINAQLARI - 10-2023-Aynura-Hamidova.pdf
 
Brochure-Project-tryve-elementary-dept..docx
Brochure-Project-tryve-elementary-dept..docxBrochure-Project-tryve-elementary-dept..docx
Brochure-Project-tryve-elementary-dept..docx
 

ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively

  • 2. Agenda
  ▪ AI Use Cases
  ▪ ISO/IEC 27001 and ISO/IEC 27005 approach to managing risks
  ▪ Focus on the AI Threat Model
  ▪ ISO/IEC 27001 relevant controls to manage AI Risks
  ▪ Q&A
  • 3. Artificial Intelligence – General use cases: a technology impacting a wide range of sectors of society
  ▪ Healthcare and medicine
  ▪ Finance
  ▪ Automotive and transportation
  ▪ Retail and e-commerce
  ▪ Manufacturing and production
  ▪ Education
  ▪ Entertainment and media
  ▪ Customer service
  ▪ Agriculture
  ▪ Cybersecurity
  ▪ Legal and law enforcement
  ▪ Space exploration
  • 4. AI Use Cases – Day-to-day examples
  ▪ Application development
    ▪ Developers building AI applications
  ▪ Office automation / shadow IT
    ▪ Employees using AI SaaS applications to perform and/or help achieve their activities (document creation and manipulation) – shadow IT, data leakage, output prompt
  ▪ Cyber weapons
    ▪ Attackers using AI capabilities to build cyber weapons (vulnerability detection and exploitation, deepfake capability) – side effects on schools, blackmailing people, social engineering
  • 5. AI Use Cases – Practical examples
  ▪ AI-based OCRs / document readers
    ▪ Automating data extraction from scanned documents
    ▪ Manipulated inputs leading to incorrect data
    ▪ Lack of controls on extracted data, leading to a data breach
  ▪ AI-powered assistants (MS Copilot / ChatGPT)
    ▪ Base workstation compromised
    ▪ Hierarchical access control problems, lack of adequate security controls in file systems
    ▪ No assurance that MS and others do what they claim
  ▪ AI in cybersecurity tools
    ▪ Generation of false positives – waste of resources or ignored real threats
  • 7. Key benefits of ISO/IEC 27001 in managing AI risks
  ▪ Enhanced data security
  ▪ Improved compliance and legal assurance
  ▪ Systematic risk assessment and tailored risk mitigation
  ▪ Stakeholder confidence
  ▪ Business continuity and resilience
  ▪ Continuous monitoring and improvement
  • 8. Key benefits of ISO/IEC 27005 in managing AI risks
  ▪ Proactive approach to emerging risks
  ▪ Systematic and comprehensive risk assessment
  ▪ Alignment with best practices and standards
  ▪ Enhanced stakeholder confidence
  ▪ Improved decision-making and governance
  • 10. Threat modeling is increasingly important
  ▪ Use of a risk assessment and treatment (ISO 27005, Clause 6.1 & 6.8)
  ▪ Use cases are fundamentally important
  ▪ Foundational security controls more important than ever
  • 11. Example of a threat model – AI threat model
  Four categories: threats using AI, threats to AI, threats from AI, legal and regulatory threats
  ▪ Data poisoning and model manipulation
  ▪ Adversarial attacks
  ▪ AI-powered cyber attacks
  ▪ Exploitation of AI system vulnerabilities
  ▪ Privacy violations
  ▪ AI model theft
  ▪ Lack of transparency and explainability
  ▪ Dependency and overreliance
  * OWASP Top 10 for Large Language Model Applications
  * OWASP Machine Learning Security Top Ten
  • 12. Threat model examples
  Threats using AI models
  • LLM01: Prompt Injection
  • LLM02: Insecure Output Handling
  • LLM03: Training Data Poisoning
  • LLM05: Supply chain attack
  • LLM06: Sensitive Information Disclosure
  • LLM07: Insecure Plugin Design
  • LLM08: Excessive Agency
  • LLM09: Overreliance
  • Indirect prompt injection
  • Fake resources
  • Copyright infringement
  Threats to AI models
  • LLM04: Denial of Service
  • LLM10: Model Theft
  • ML03: Model Inversion Attack
  • ML07: Transfer Learning Attack
  • ML08: Model Skewing Attack
  • ML10: Model Poisoning
  • Inadequate AI alignment
  • Improper error handling
  • Robust multi-prompt and multi-model attacks
  • Traditional attacks
  Threats from AI models
  • Misidentification (wrongful arrest)
  • False information
  • Misinformation influencing elections
  • Private information used in training
  • Deepfakes
  • Attack acceleration
  • Hallucination squatting
  • Artificial consciousness
  • Honey or poisoned characters
  Legal and regulatory threats
  • Failure to meet regulatory compliance:
    • EU AI Act
    • GDPR
    • Canada GenAI Guardrails
    • China GenAI Measures
    • Peru law: six core principles
    • Spain AESIA
    • South Korea Digital Bill of Rights
    • US state law: privacy (10)
    • US state law: biometrics (3)
    • US law against AI profiling (8)
    • US federal: DOJ, CFPB, FTC, EEOC
  • Legal: privacy, legal obligations
  * OWASP Top 10 for Large Language Model Applications
  * OWASP Machine Learning Security Top Ten
  • 13. Key points – Mitigation strategies
  ▪ Secure AI development
  ▪ Always favor trusted vendors – example: Microsoft for their OpenAI offering
  ▪ Regular auditing
  ▪ Data protection
  ▪ Human oversight
  ▪ Transparency and explainability
  ▪ Awareness
  ▪ Business continuity plan and crisis management
  ▪ Policies, roles and responsibilities
  • 15. AI Use Cases – AI Development
  Potential applicable remediation (ISO27002:2022 improvement) → ISO27002:2022 controls
  ▪ Data management → 5 Information Security Policies (Organizational); 7 Information Security in Project Management (Organizational)
  ▪ Secure development lifecycle → 8 Information Security in Relationship Management (Organizational); 18 System Acquisition, Development and Maintenance (Technological)
  ▪ Bias and fairness checks → 7 Information Security in Project Management (Organizational); 18 System Acquisition, Development and Maintenance (Technological)
  ▪ Explainability and transparency → 5 Information Security Policies (Organizational); 18 System Acquisition, Development and Maintenance (Technological)
  ▪ Testing and validation → 18 System Acquisition, Development and Maintenance (Technological); 19 Information Security Event and Weakness Management (Organizational)
  ▪ Ethical AI practices → 5 Information Security Policies (Organizational); 6 Organization of Information Security (Organizational)
  ▪ Incident response and monitoring → 19 Information Security Event and Weakness Management (Organizational); 20 Information Security Continuity (Organizational)
  ▪ Ongoing monitoring and maintenance → 18 System Acquisition, Development and Maintenance (Technological); 19 Information Security Event and Weakness Management (Organizational)
  ▪ Regulatory and compliance → 5 Information Security Policies (Organizational); 6 Organization of Information Security (Organizational)
  ▪ User training and awareness → 9 Human Resource Security (People); 17 Awareness, Training and Education (People)
  • 16. ISO/IEC 27001 strategies for AI risk management
  ▪ AI-based OCRs / document readers
    ▪ Information Security Policies (Clause 5.2): Develop policies specifically for the management of OCR data to maintain data integrity.
    ▪ Organizational Controls (Clauses 5.3 & 7.3): Define roles and responsibilities clearly to prevent unauthorized data access or leaks.
  ▪ AI-powered assistants (ChatGPT / MS Copilot)
    ▪ Human Resource Security (Clause 7.2): Ensure secure management of personnel who have access to AI assistants to mitigate insider threats.
    ▪ Technical Controls (Clause 8.1): Implement secure development practices for AI assistant software to address potential exploitation.
  ▪ AI in cybersecurity tools
    ▪ Operational Security (Clause 8.2): Apply strict controls on the operation of AI tools to manage the generation and handling of false positives.
    ▪ Compliance (Clause 8.3): Regularly review compliance with legal and technical requirements so that real threats are not ignored.