SlideShare a Scribd company logo

Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?

Download as PPTX, PDF
PECB
PECB

Generative AI offers great opportunities for innovation in various industries. Hence, by adopting ISO/IEC 27032, you can enhance your cybersecurity resilience and efficiently address the risks associated with generative AI. Amongst others, the webinar covers: • AI & Privacy • Generative AI, Models & Cybersecurity • AI & ISO/IEC 27032 Presenters: Christian Grafenauer Anonymization expert, privacy engineer, data protection officer, LegalTech researcher (GDPR, Blockchain, AI) Christian Grafenauer is an accomplished privacy engineer, anonymization expert, and computer science specialist, currently serving as the project lead for anonymity assessments at techgdpr. With an extensive background as a senior architect in Blockchain for IBM and years of research in the field since 2013, Christian co-founded privacy by Blockchain design to explore the potential of Blockchain technology in revolutionizing privacy and internet infrastructure. As a dedicated advocate for integrating legal and computer science disciplines, Christian’s expertise in anonymization and GDPR compliance enables innovative AI applications, ensuring a seamless fusion of technology and governance, particularly in the realm of smart contracts. In his role at techgdpr, he supports technical compliance, Blockchain, and AI initiatives, along with anonymity assessments. Christian also represents consumer interests as a member of the national Blockchain and DTL standardization committee at din (German standardization institute) in ISO/TC 307. Akin Johnson Akin J. Johnson is a renowned Cybersecurity Expert, known for his expertise in protecting digital systems from potential threats. With over a decade of experience in the field, Akin has developed a deep understanding of the ever-evolving cyber landscape. Akin is an advocate for cybersecurity awareness and frequently shares his knowledge through speaking engagements, workshops, and publications. He firmly believes in the importance of educating individuals and organizations on the best practices for safeguarding their digital assets. Lucas Falivene Lucas is a highly experienced cybersecurity professional with a solid base in business, information systems, information security, and cybersecurity policy-making. A former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards. Date: July 26, 2023 YouTube Link: https://youtu.be/QPDcROniUcc

Education
1 of 52
Agenda ▪ AI & Privacy ▪ Generative AI, Models & Cybersecurity ▪ AI & ISO/IEC 27032
PECB Next events 1. Don’t forget to purchase your ticket regarding PECB’s conference: https://bit.ly/3Sq4nTO ▪ 4-5 October – In-person 2. Don’t miss out on the launching of the Chief Information Security Officer and NIS Directive 2.0 Training Courses, which will be held online, as well as in-person at the PECB Insights Conference 2023, in Paris, France! ▪ 18-19 September – Online ▪ 2-3 October – In-person Purchase your ticket here: https://bit.ly/3JouNDd
Presenting our speakers Lucas is a former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards. He also represents Malta and Argentina as an expert in ISO's Information Security, Cybersecurity, and Privacy Protection subcommittee (ISO/IEC JTC 1/SC 27) and as the Secretary of Argentina's ISO mirror subcommittee. linkedin.com/in/christian-grafenauer
Privacy from A Consumer Perspective
Privacy from A Consumer Perspective
The connection between Law and Standards
Such high-risk AI systems would have to comply with a range of requirements particularly on risk management, testing, technical robustness, data training and data governance, transparency, human oversight, and (Articles 8 to 15). In this regard, providers, importers, distributors and users of high-risk AI systems would have to fulfil a range of obligations. Providers from outside the EU will require an authorized representative in the EU to (inter alia), ensure the conformity assessment, establish a post-market monitoring system and take corrective action as needed. AI systems that conform to the new harmonised EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
AI systems that conform to the new harmonized EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
AI systems that conform to the new harmonised EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems AI Act Standards for AI Compliance Rules
Such high-risk AI systems would have to comply with a range of requirements particularly on risk management, testing, technical robustness, data training and data governance, transparency, human oversight, and cybersecurity (Articles 8 to 15). In this regard, providers, importers, distributors and users of high-risk AI systems would have to fulfil a range of obligations. Providers from outside the EU will require an authorized representative in the EU to (inter alia), ensure the conformity assessment, establish a post-market monitoring system and take corrective action as needed. AI systems that conform to the new harmonized EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
Anonymization and AI Research AI Act
Anonymization and AI AI Act Anonymization is a great PET to protect the rights and freedoms of your users. In the high risk category such assessments are mandatory.
Thank you linkedin.com/in/christian-grafenauer For future cooperation, please get in touch!
Generative A.I ● What it is ● Models & Uses ● What could go wrong ● Risk and Treatments ● Recommendations
Generative AI is a type of artificial intelligence that can produce content such as audio, text, code, video, images, and other data. Generative AI is a type of machine learning, which, at its core, works by training software models to make predictions based on data without the need for explicit programming. Generative AI: what is it?
Artificial intelligence has a surprisingly long history, with the concept of thinking machines traceable back to ancient Greece. Modern AI really kicked off in the 1950s, however, with Alan Turing’s research on machine thinking and his creation of the eponymous Turing test. The first neural networks (a key piece of technology underlying generative AI) that were capable of being trained were invented in 1957 by Frank Rosenblatt, a psychologist at Cornell University. Further development of neural networks led to their widespread use in AI throughout the 1980s and beyond. In 2014, a type of algorithm called a generative adversarial network (GAN) was created, enabling generative AI applications like images, video, and audio. Generative AI: A brief History
• Generative adversarial networks (GANs): best for image duplication and synthetic data generation. • Transformer-based models: best for text generation and content/code completion. Common subsets of transformer-based models include generative pre-trained transformer (GPT) and bidirectional encoder representations from transformers (BERT) models. • Diffusion models: best for image generation and video/image synthesis. • Variational autoencoders (VAEs): best for image, audio, and video content creation, especially when synthetic data needs to be photorealistic; designed with an encoder-decoder infrastructure. • Unimodal models: models that are set up to accept only one data input format; most generative AI models today are unimodal models. Generative AI: Types/Models
• Multimodal models: designed to accept multiple types of inputs and prompts when generating outputs; for example, GPT-4 can accept both text and images as inputs. • Large language models: the most popular and well-known type of generative AI model right now, large language models (LLMs) are designed to generate and complete written content at scale. • Neural radiance fields (NeRFs): emerging neural network technology that can be used to generate 3D imagery based on 2D image inputs. New tools bring extended capabilities, but they also introduce new vulnerabilities. Generative AI: Types
The rise of generative AI have led to a variety of security concerns. According to research by Grammarly and Forrester, most companies still don’t have a clear strategy to deploy generative AI within their organizations at scale. According to the report, generative AI is a critical or important priority for 89% of respondents’ companies, and by 2025, nearly all (97%) will be using the technology to support communication with hurdles like security concerns (32%), lack of a cohesive AI strategy (30%) and lack of internal policies to govern generative AI (27%) prevent adoption. This is one of the reasons to implement ISO 27032 CyberSecurity Standards in the day to day activities of Addressing Internet Security issues / common threats Cyber issues with Generative AI: Industry Readiness
Generative AI technology can be applied in many sectors where human creativity would has been a requirement. There has been series of progressive development in the following industries. Generative AI:examples of uses Images Videos Text Audio Code Generation Data Augmentati on Other Use Cases
• Privacy and security: • Undetected bias • Model Malfunction • Copyrights and Intellectual Property • Hallucination - Data Inaccuracy Cyber issues with Generative AI: what could go wrong?
Cyber issues with Generative AI: what could go wrong? A lot can go wrong here if the proper data protection measures aren’t taken. A company would need to have the right security infrastructure in place. There can be machine malfunction in training and building Generative AI in post production if there is no close monitoring and maintenance architecture in place.
Cyber issues with Generative AI: what could go wrong? Who owns a Generated Content? Who owns the output of a generative AI model—if the output can be owned at all—might be set out by the terms of use for the AI tool (which may be available on the website associated with the tool), or by an implied license if there are no terms. Generative AI won't state that it is unable to provide a correct answer Whenever it generate ANY answer that appears to be correct, this is known as a “hallucination”. It is often unknown where the data used to train generative AI has come from from various sources, such as databases, APIs, social media, websites, etc.
This Ethical standards are not in any order of priority but are the base guidelines for implementing A.I. tools without endangering the CyberSpace. Cyber issues with Generative AI: Ethical Standards and Principles Reliability Fairness Transparency Responsibility Accountability
Cyber issues with Generative AI: Development Architechture
Generative AI: main cyber risks • Data Poisoning • Misinformation • Deep Fakes • Hoax News • Reconnaissance at Scale • Prompt Injection • A.I. Malwares - WormGPT
Generative AI is often patched together by a network of very different creators which makes it hard to achieve the levels of accountability, reliability, and security needed for ethical AI. To become truly secure, we need a unified approach such as the ISO 27032:2023 to secure the entire lifespan of the AI system. Security measures need to be implemented in every step of the development cycle to ensure that sensitive data is accurate, stored and used securely. These measures include data encryption, locating system vulnerabilities and defending against malicious attacks and breach(s). Cyber issues with Generative AI: Recommendation
Cyber issues with Generative AI: Recommendation based on ISO/IEC 27032
Thank you PECB Authorized Partner
AI & ISO
Cybersecurity — Guidelines for Internet Security Focus on (1) Addressing Internet Security issues / common threats (2) Preservation of CIA & other properties Provides (1) Controls to mitigate internet security risks (2) Guidance for Internet Security governance Combines several international standards ISO/IEC 27032
What is Internet Security? Cybersecurity Safeguarding of people, society, organizations and nations from cyber risks Internet security Preservation of CIA of information over the Internet Network security (1) Design, implementation, operation and improvement of networks (2) Identification and treatment of network- related security risks
Interested parties Users Coordinator and standardization organisations Government authorities Law enforcement agencies Internet service providers
Internet security risk assessment & treatment Threats Vulnerabilities Attack vectors Threat scenarios
Audience Objectives Scope Type of frameworks ISO/IEC 27032 vs ISO/IEC 27001
• Less focus on cyberspace security • Less focus on collaboration • Scope reduction • Interested parties enhancement • Improved recommended controls section ISO/IEC 27032:2023 vs ISO/IEC 27032:2012
Title - 2012 version Information technology — Security techniques — Guidelines for cybersecurity - 2023 version Cybersecurity — Guidelines for Internet Security ISO/IEC 27032:2023 version 2023 vs version 2012
Definition of cybersecurity - 2012 version Preservation of confidentiality, integrity and availability of information in the Cyberspace - 2023 version Safeguarding of people, society, organizations and nations from cyber risks Managing Information Security risks when information is in DIGITAL form in computers, storage, and networks ISO/IEC 27032:2023 version 2023 vs version 2012
ISO/IEC 27032:2023 version 2023 vs version 2012 This document provides: — An explanation of the relationship between Internet security, web security, network security and cybersecurity, — An overview of Internet security, — Identification of interested parties and a description of their roles in Internet security, — High level guidance for addressing common Internet security issues. This document does not specifically address controls that organizations can require for systems supporting critical infrastructure or national security. 2012 VERSION 2023 VERSION SCOP E This International Standard provides guidance for improving the state of Cybersecurity, drawing out the unique aspon other security domains, in particular: — Information security, — Network security, — Internet security, and — Critical information infrastructure protection (CIIP)
ISO/IEC 27032:2023 version 2023 vs version 2012 2012 version 2023 version
ISO/IEC 27032:2023 version 2023 vs version 2012 Denominated as interested parties: — Users — Government authorities — Internet service providers — Coordinator and standardization organisations — Law enforcement agencies. 2012 VERSION 2023 VERSION INTERESTE D PARTIES Denominated as stakeholders: — Consumers — Providers
ISO/IEC 27032:2023 version 2023 vs version 2012 17 controls: — Preventive — Detective — Recover — Respond 2012 VERSION 2023 VERSION CONTROL S 6 controls: — Application level controls — Server protection — End-user controls — Controls against social engineering attacks — Cybersecurity Readiness — Other controls
GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training
GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify
GenAI: How can ISO ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify Tehnical Protect / Identify
GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify Tehnical Protect / Identify Detect / Respond / Recover
GenAI: How can ISO/IEC 27032 help? To get the most from this groundbreaking technology, we need to manage its extended landscape of risks while considering the organization / ecosystem as a whole Take an (1) Overarching approach (2) Interdisciplinary approach (3) Collaborative approach will all interested parties Combine (1) Several frameworks (2) Best practices Consider (1) Your individual and organisational requirements / views (2) Stakeholders requirements / views (3) Ecosystem requirements / views
PwC’s Responsible AI framework
EU AI Act (draft) Unacceptable Risk (Art. 5) High Risk (Art. 6) Minimal or No Risk Limited Risk (Art. 52) Prohibited within the EU Permitted subject to (1) conformity assessment (2) market monitoring Permitted Subject to transparency disclosures Permitted No restrictions
Thank you lucas.falivene.org Any doubts / questions?
THANK YOU Q&A grafenauer@protectivecircle.com akinjjohnson@i4globalservices.com lucas@falivene.org https://www.linkedin.com/in/christian-grafenauer/ https://www.linkedin.com/in/akin-j-johnson/ https://www.linkedin.com/in/lucasfalivene/

Recommended

Generative AI and law.pptx
Generative AI and law.pptxGenerative AI and law.pptx
Generative AI and law.pptxChris Marsden
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
Generative AI Risks & Concerns
Generative AI Risks & ConcernsGenerative AI Risks & Concerns
Generative AI Risks & ConcernsAjitesh Kumar
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsKrishnaram Kenthapadi
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYPriyanshu Ratnakar
 
Generative AI.pptx
Generative AI.pptxGenerative AI.pptx
Generative AI.pptxRohitRadhakrishnan8
 

Recommended

Generative AI and law.pptx
Generative AI and law.pptxGenerative AI and law.pptx
Generative AI and law.pptxChris Marsden
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on CybersecurityGraham Mann
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
Generative AI Risks & Concerns
Generative AI Risks & ConcernsGenerative AI Risks & Concerns
Generative AI Risks & ConcernsAjitesh Kumar
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsKrishnaram Kenthapadi
 
HOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYHOW AI CAN HELP IN CYBERSECURITY
HOW AI CAN HELP IN CYBERSECURITYPriyanshu Ratnakar
 
Generative AI.pptx
Generative AI.pptxGenerative AI.pptx
Generative AI.pptxRohitRadhakrishnan8
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtNUS-ISS
 
Responsible Generative AI
Responsible Generative AIResponsible Generative AI
Responsible Generative AICMassociates
 
Use of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityUse of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityAvantika University
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AI20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AIBrussels Legal Hackers
 
Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityPriyanshu Ratnakar
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
ChatGPT in Cybersecurity
ChatGPT in CybersecurityChatGPT in Cybersecurity
ChatGPT in CybersecuritySimplilearn
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
Responsible AI
Responsible AIResponsible AI
Responsible AINeo4j
 
SWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptxSWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptxMdMofijulHaque
 
Generative AI
Generative AIGenerative AI
Generative AIlutzsuarnaba1
 
ChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptxChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptxJesus Rodriguez
 
Responsible AI
Responsible AIResponsible AI
Responsible AIAnand Rao
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AIDataScienceConferenc1
 

More Related Content

What's hot

AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtNUS-ISS
 
Responsible Generative AI
Responsible Generative AIResponsible Generative AI
Responsible Generative AICMassociates
 
Use of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityUse of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityAvantika University
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AI20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AIBrussels Legal Hackers
 
Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityPriyanshu Ratnakar
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber SecurityRajathV2
 
ChatGPT in Cybersecurity
ChatGPT in CybersecurityChatGPT in Cybersecurity
ChatGPT in CybersecuritySimplilearn
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
Responsible AI
Responsible AIResponsible AI
Responsible AINeo4j
 
SWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptxSWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptxMdMofijulHaque
 
ChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptxChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptxJesus Rodriguez
 
Responsible AI
Responsible AIResponsible AI
Responsible AIAnand Rao
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
 

What's hot (20)

AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
 
Responsible Generative AI
Responsible Generative AIResponsible Generative AI
Responsible Generative AI
 
Use of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika UniversityUse of Artificial Intelligence in Cyber Security - Avantika University
Use of Artificial Intelligence in Cyber Security - Avantika University
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AI20190528 - Guidelines for Trustworthy AI
20190528 - Guidelines for Trustworthy AI
 
Artificial Intelligence for Cyber Security
Artificial Intelligence for Cyber SecurityArtificial Intelligence for Cyber Security
Artificial Intelligence for Cyber Security
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
ChatGPT in Cybersecurity
ChatGPT in CybersecurityChatGPT in Cybersecurity
ChatGPT in Cybersecurity
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 
Responsible AI
Responsible AIResponsible AI
Responsible AI
 
SWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptxSWIFT CSP Presentations.pptx
SWIFT CSP Presentations.pptx
 
Generative AI
Generative AIGenerative AI
Generative AI
 
ChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptxChatGPT, Foundation Models and Web3.pptx
ChatGPT, Foundation Models and Web3.pptx
 
Responsible AI
Responsible AIResponsible AI
Responsible AI
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Overview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in CybersecurityOverview of Artificial Intelligence in Cybersecurity
Overview of Artificial Intelligence in Cybersecurity
 

Similar to Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?

Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AIDataScienceConferenc1
 
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTrupti Shiralkar, CISSP
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developerstechtutorus
 
Global Governance of Generative AI: The Right Way Forward
Global Governance of Generative AI: The Right Way ForwardGlobal Governance of Generative AI: The Right Way Forward
Global Governance of Generative AI: The Right Way ForwardLilian Edwards
 
How to regulate foundation models: can we do better than the EU AI Act?
How to regulate foundation models: can we do better than the EU AI Act?How to regulate foundation models: can we do better than the EU AI Act?
How to regulate foundation models: can we do better than the EU AI Act?Lilian Edwards
 
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptx
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptxTop 5 EC-Council Certifications That You Should Look Into in 2022.pptx
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptxinfosec train
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
 
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdftechinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdfseotechinator
 
How AI used in cybersecurity
How AI used in cybersecurityHow AI used in cybersecurity
How AI used in cybersecurityArjitDas2
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Black Duck by Synopsys
 
Role of artificial intelligence in cyber security | The Cyber Security Review
Role of artificial intelligence in cyber security | The Cyber Security ReviewRole of artificial intelligence in cyber security | The Cyber Security Review
Role of artificial intelligence in cyber security | The Cyber Security ReviewFreelancing
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityTasnim Alasali
 
Issues on Artificial Intelligence and Future (Standards Perspective)
Issues on Artificial Intelligence and Future (Standards Perspective)Issues on Artificial Intelligence and Future (Standards Perspective)
Issues on Artificial Intelligence and Future (Standards Perspective)Seungyun Lee
 
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...Alex G. Lee, Ph.D. Esq. CLP
 
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxArtificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxkellysmith617941
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?FERMA
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad Choorappara
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad ChoorapparaEthical Dimensions of Artificial Intelligence (AI) by Rinshad Choorappara
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad ChoorapparaRinshad Choorappara
 
IRJET- Use of Artificial Intelligence in Cyber Defence
IRJET- Use of Artificial Intelligence in Cyber DefenceIRJET- Use of Artificial Intelligence in Cyber Defence
IRJET- Use of Artificial Intelligence in Cyber DefenceIRJET Journal
 

Similar to Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help? (20)

Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI
 
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdfTru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
Tru_Shiralkar_Gen AI Sec_ ISACA 2024.pdf
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
Global Governance of Generative AI: The Right Way Forward
Global Governance of Generative AI: The Right Way ForwardGlobal Governance of Generative AI: The Right Way Forward
Global Governance of Generative AI: The Right Way Forward
 
How to regulate foundation models: can we do better than the EU AI Act?
How to regulate foundation models: can we do better than the EU AI Act?How to regulate foundation models: can we do better than the EU AI Act?
How to regulate foundation models: can we do better than the EU AI Act?
 
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptx
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptxTop 5 EC-Council Certifications That You Should Look Into in 2022.pptx
Top 5 EC-Council Certifications That You Should Look Into in 2022.pptx
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
 
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdftechinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf
techinator-net-how-ai-use-in-cybersecurity-future-of-hacking-.pdf
 
How AI used in cybersecurity
How AI used in cybersecurityHow AI used in cybersecurity
How AI used in cybersecurity
 
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
Open Source Insight: AI for Open Source Management, IoT Time Bombs, Ready for...
 
Role of artificial intelligence in cyber security | The Cyber Security Review
Role of artificial intelligence in cyber security | The Cyber Security ReviewRole of artificial intelligence in cyber security | The Cyber Security Review
Role of artificial intelligence in cyber security | The Cyber Security Review
 
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurityAI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
AI Cybersecurity: Pros & Cons. AI is reshaping cybersecurity
 
Issues on Artificial Intelligence and Future (Standards Perspective)
Issues on Artificial Intelligence and Future (Standards Perspective)Issues on Artificial Intelligence and Future (Standards Perspective)
Issues on Artificial Intelligence and Future (Standards Perspective)
 
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...
AI, Blockchain, IoT Convergence Use Case System Implementation Insights from ...
 
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptxArtificial Intelligence in Cyber Security Research Paper Writing.pptx
Artificial Intelligence in Cyber Security Research Paper Writing.pptx
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad Choorappara
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad ChoorapparaEthical Dimensions of Artificial Intelligence (AI) by Rinshad Choorappara
Ethical Dimensions of Artificial Intelligence (AI) by Rinshad Choorappara
 
IRJET- Use of Artificial Intelligence in Cyber Defence
IRJET- Use of Artificial Intelligence in Cyber DefenceIRJET- Use of Artificial Intelligence in Cyber Defence
IRJET- Use of Artificial Intelligence in Cyber Defence
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 
ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?PECB
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 
ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?

  • 1.
  • 2. Agenda ▪ AI & Privacy ▪ Generative AI, Models & Cybersecurity ▪ AI & ISO/IEC 27032
  • 3. PECB Next events 1. Don’t forget to purchase your ticket regarding PECB’s conference: https://bit.ly/3Sq4nTO ▪ 4-5 October – In-person 2. Don’t miss out on the launching of the Chief Information Security Officer and NIS Directive 2.0 Training Courses, which will be held online, as well as in-person at the PECB Insights Conference 2023, in Paris, France! ▪ 18-19 September – Online ▪ 2-3 October – In-person Purchase your ticket here: https://bit.ly/3JouNDd
  • 4. Presenting our speakers Lucas is a former Fulbright scholar with a Master of Science degree in Information Security Policy and Management at Carnegie Mellon University (Highest distinction) and a Master's degree in Information Security at the University of Buenos Aires (Class rank 1st). Lucas has participated in several trainings conducted by the FBI, INTERPOL, OAS, and SEI/CERT as well as in the development of 4 cyber ISO national standards. He also represents Malta and Argentina as an expert in ISO's Information Security, Cybersecurity, and Privacy Protection subcommittee (ISO/IEC JTC 1/SC 27) and as the Secretary of Argentina's ISO mirror subcommittee. linkedin.com/in/christian-grafenauer
  • 5. Privacy from A Consumer Perspective
  • 6. Privacy from A Consumer Perspective
  • 7. The connection between Law and Standards
  • 8. Such high-risk AI systems would have to comply with a range of requirements particularly on risk management, testing, technical robustness, data training and data governance, transparency, human oversight, and (Articles 8 to 15). In this regard, providers, importers, distributors and users of high-risk AI systems would have to fulfil a range of obligations. Providers from outside the EU will require an authorized representative in the EU to (inter alia), ensure the conformity assessment, establish a post-market monitoring system and take corrective action as needed. AI systems that conform to the new harmonised EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
  • 9. AI systems that conform to the new harmonized EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
  • 10. AI systems that conform to the new harmonised EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems AI Act Standards for AI Compliance Rules
  • 11. Such high-risk AI systems would have to comply with a range of requirements particularly on risk management, testing, technical robustness, data training and data governance, transparency, human oversight, and cybersecurity (Articles 8 to 15). In this regard, providers, importers, distributors and users of high-risk AI systems would have to fulfil a range of obligations. Providers from outside the EU will require an authorized representative in the EU to (inter alia), ensure the conformity assessment, establish a post-market monitoring system and take corrective action as needed. AI systems that conform to the new harmonized EU standards, currently under development, would benefit from a presumption of conformity with the draft AI act requirements. AI Act Quote High risk: Regulated high-risk AI systems
  • 13. Anonymization and AI AI Act Anonymization is a great PET to protect the rights and freedoms of your users. In the high risk category such assessments are mandatory.
  • 15. Generative A.I ● What it is ● Models & Uses ● What could go wrong ● Risk and Treatments ● Recommendations
  • 16. Generative AI is a type of artificial intelligence that can produce content such as audio, text, code, video, images, and other data. Generative AI is a type of machine learning, which, at its core, works by training software models to make predictions based on data without the need for explicit programming. Generative AI: what is it?
  • 17. Artificial intelligence has a surprisingly long history, with the concept of thinking machines traceable back to ancient Greece. Modern AI really kicked off in the 1950s, however, with Alan Turing’s research on machine thinking and his creation of the eponymous Turing test. The first neural networks (a key piece of technology underlying generative AI) that were capable of being trained were invented in 1957 by Frank Rosenblatt, a psychologist at Cornell University. Further development of neural networks led to their widespread use in AI throughout the 1980s and beyond. In 2014, a type of algorithm called a generative adversarial network (GAN) was created, enabling generative AI applications like images, video, and audio. Generative AI: A brief History
  • 18. • Generative adversarial networks (GANs): best for image duplication and synthetic data generation. • Transformer-based models: best for text generation and content/code completion. Common subsets of transformer-based models include generative pre-trained transformer (GPT) and bidirectional encoder representations from transformers (BERT) models. • Diffusion models: best for image generation and video/image synthesis. • Variational autoencoders (VAEs): best for image, audio, and video content creation, especially when synthetic data needs to be photorealistic; designed with an encoder-decoder infrastructure. • Unimodal models: models that are set up to accept only one data input format; most generative AI models today are unimodal models. Generative AI: Types/Models
  • 19. • Multimodal models: designed to accept multiple types of inputs and prompts when generating outputs; for example, GPT-4 can accept both text and images as inputs. • Large language models: the most popular and well-known type of generative AI model right now, large language models (LLMs) are designed to generate and complete written content at scale. • Neural radiance fields (NeRFs): emerging neural network technology that can be used to generate 3D imagery based on 2D image inputs. New tools bring extended capabilities, but they also introduce new vulnerabilities. Generative AI: Types
  • 20. The rise of generative AI have led to a variety of security concerns. According to research by Grammarly and Forrester, most companies still don’t have a clear strategy to deploy generative AI within their organizations at scale. According to the report, generative AI is a critical or important priority for 89% of respondents’ companies, and by 2025, nearly all (97%) will be using the technology to support communication with hurdles like security concerns (32%), lack of a cohesive AI strategy (30%) and lack of internal policies to govern generative AI (27%) prevent adoption. This is one of the reasons to implement ISO 27032 CyberSecurity Standards in the day to day activities of Addressing Internet Security issues / common threats Cyber issues with Generative AI: Industry Readiness
  • 21. Generative AI technology can be applied in many sectors where human creativity would has been a requirement. There has been series of progressive development in the following industries. Generative AI:examples of uses Images Videos Text Audio Code Generation Data Augmentati on Other Use Cases
  • 22. • Privacy and security: • Undetected bias • Model Malfunction • Copyrights and Intellectual Property • Hallucination - Data Inaccuracy Cyber issues with Generative AI: what could go wrong?
  • 23. Cyber issues with Generative AI: what could go wrong? A lot can go wrong here if the proper data protection measures aren’t taken. A company would need to have the right security infrastructure in place. There can be machine malfunction in training and building Generative AI in post production if there is no close monitoring and maintenance architecture in place.
  • 24. Cyber issues with Generative AI: what could go wrong? Who owns a Generated Content? Who owns the output of a generative AI model—if the output can be owned at all—might be set out by the terms of use for the AI tool (which may be available on the website associated with the tool), or by an implied license if there are no terms. Generative AI won't state that it is unable to provide a correct answer Whenever it generate ANY answer that appears to be correct, this is known as a “hallucination”. It is often unknown where the data used to train generative AI has come from from various sources, such as databases, APIs, social media, websites, etc.
  • 25. This Ethical standards are not in any order of priority but are the base guidelines for implementing A.I. tools without endangering the CyberSpace. Cyber issues with Generative AI: Ethical Standards and Principles Reliability Fairness Transparency Responsibility Accountability
  • 26. Cyber issues with Generative AI: Development Architechture
  • 27. Generative AI: main cyber risks • Data Poisoning • Misinformation • Deep Fakes • Hoax News • Reconnaissance at Scale • Prompt Injection • A.I. Malwares - WormGPT
  • 28. Generative AI is often patched together by a network of very different creators which makes it hard to achieve the levels of accountability, reliability, and security needed for ethical AI. To become truly secure, we need a unified approach such as the ISO 27032:2023 to secure the entire lifespan of the AI system. Security measures need to be implemented in every step of the development cycle to ensure that sensitive data is accurate, stored and used securely. These measures include data encryption, locating system vulnerabilities and defending against malicious attacks and breach(s). Cyber issues with Generative AI: Recommendation
  • 29. Cyber issues with Generative AI: Recommendation based on ISO/IEC 27032
  • 32. Cybersecurity — Guidelines for Internet Security Focus on (1) Addressing Internet Security issues / common threats (2) Preservation of CIA & other properties Provides (1) Controls to mitigate internet security risks (2) Guidance for Internet Security governance Combines several international standards ISO/IEC 27032
  • 33. What is Internet Security? Cybersecurity Safeguarding of people, society, organizations and nations from cyber risks Internet security Preservation of CIA of information over the Internet Network security (1) Design, implementation, operation and improvement of networks (2) Identification and treatment of network- related security risks
  • 34. Interested parties Users Coordinator and standardization organisations Government authorities Law enforcement agencies Internet service providers
  • 35. Internet security risk assessment & treatment Threats Vulnerabilities Attack vectors Threat scenarios
  • 37. • Less focus on cyberspace security • Less focus on collaboration • Scope reduction • Interested parties enhancement • Improved recommended controls section ISO/IEC 27032:2023 vs ISO/IEC 27032:2012
  • 38. Title - 2012 version Information technology — Security techniques — Guidelines for cybersecurity - 2023 version Cybersecurity — Guidelines for Internet Security ISO/IEC 27032:2023 version 2023 vs version 2012
  • 39. Definition of cybersecurity - 2012 version Preservation of confidentiality, integrity and availability of information in the Cyberspace - 2023 version Safeguarding of people, society, organizations and nations from cyber risks Managing Information Security risks when information is in DIGITAL form in computers, storage, and networks ISO/IEC 27032:2023 version 2023 vs version 2012
  • 40. ISO/IEC 27032:2023 version 2023 vs version 2012 This document provides: — An explanation of the relationship between Internet security, web security, network security and cybersecurity, — An overview of Internet security, — Identification of interested parties and a description of their roles in Internet security, — High level guidance for addressing common Internet security issues. This document does not specifically address controls that organizations can require for systems supporting critical infrastructure or national security. 2012 VERSION 2023 VERSION SCOP E This International Standard provides guidance for improving the state of Cybersecurity, drawing out the unique aspon other security domains, in particular: — Information security, — Network security, — Internet security, and — Critical information infrastructure protection (CIIP)
  • 41. ISO/IEC 27032:2023 version 2023 vs version 2012 2012 version 2023 version
  • 42. ISO/IEC 27032:2023 version 2023 vs version 2012 Denominated as interested parties: — Users — Government authorities — Internet service providers — Coordinator and standardization organisations — Law enforcement agencies. 2012 VERSION 2023 VERSION INTERESTE D PARTIES Denominated as stakeholders: — Consumers — Providers
  • 43. ISO/IEC 27032:2023 version 2023 vs version 2012 17 controls: — Preventive — Detective — Recover — Respond 2012 VERSION 2023 VERSION CONTROL S 6 controls: — Application level controls — Server protection — End-user controls — Controls against social engineering attacks — Cybersecurity Readiness — Other controls
  • 44. GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training
  • 45. GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify
  • 46. GenAI: How can ISO ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify Tehnical Protect / Identify
  • 47. GenAI: How can ISO/IEC 27032 help? Policies for Internet security Access control Security incident management Asset management Business continuity over the Internet Supplier management Network management Vulnerability management Privacy protection over the Internet Protection against malware Change management Identification of applicable legislation and compliance requirements Use of cryptography Application security for Internet-facing applications Endpoint device management Monitoring Education, awareness & training GRC Protect / Identify Tehnical Protect / Identify Detect / Respond / Recover
  • 48. GenAI: How can ISO/IEC 27032 help? To get the most from this groundbreaking technology, we need to manage its extended landscape of risks while considering the organization / ecosystem as a whole Take an (1) Overarching approach (2) Interdisciplinary approach (3) Collaborative approach will all interested parties Combine (1) Several frameworks (2) Best practices Consider (1) Your individual and organisational requirements / views (2) Stakeholders requirements / views (3) Ecosystem requirements / views
  • 50. EU AI Act (draft) Unacceptable Risk (Art. 5) High Risk (Art. 6) Minimal or No Risk Limited Risk (Art. 52) Prohibited within the EU Permitted subject to (1) conformity assessment (2) market monitoring Permitted Subject to transparency disclosures Permitted No restrictions