In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed.
Amongst others, the webinar covers:
• ISO/IEC 27001 and ISO/IEC 42001 and their key components
• Latest trends in AI Governance
• Ethical AI practices
• Benefits of Certification
Presenters:
Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001
Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001).
Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001
Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations.
Date: February 28, 2024
YouTube video: https://youtu.be/DujXaxBhhRk
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
2. Agenda
• ISO 27001 & ISO 42001
• Risk Management & Compliance
• AI and Information Security Risks
• Chatbot Manipulation
• When the AI Chatbot Disparages Its Own Company
• When Deepfake Tricks Your CFO out of $25 million
• Protection
• Putting in Place ISO 42001
• Security Threats Specific to AI Systems
• The AI Security Triad
• Risk Management and Compliance
3. Case Study: When Deepfake Tricks Your CFO out of $25 million
In a recent case study, scammers utilized deepfake technology to deceive an employee at a multinational company, resulting in a $25 million loss. The fraudsters impersonated the company's UK-based chief financial officer and conducted a video call with the employee, all through deepfake manipulation. This incident underscores the vulnerability of organizations to AI-driven cyber threats.
12. Security Threats Specific to AI Systems
Data Poisoning
AI model data poisoning is the deliberate injection of malicious or deceptive data into training sets, aimed at compromising the integrity or performance of machine learning models.
Model Stealing
AI model stealing involves unauthorized access to or replication of a trained machine learning model, often for illicit purposes such as intellectual property theft or model replication without proper authorization.
Model Inversion Attacks
AI model inversion attacks involve exploiting a machine learning model's output to infer sensitive information about the training data it was trained on, potentially compromising privacy or security.
13. The AI Security Triad
Security of AI focuses on fortifying AI systems themselves against threats. It's about ensuring that these systems, including their data, are safeguarded from adversarial attacks, and their integrity and privacy are maintained. This is achieved via implementation of the AI Security Framework.
Security with AI focuses on fortifying AI systems themselves against threats. It's about ensuring that these systems, including their data, are safeguarded from adversarial attacks, and their integrity and privacy are maintained.
Security through AI employs autonomous AI agents to deliver security services with minimal human intervention.
14. ISO 27001 and ISO 42001
ISO 27001 Information Security Management Systems (October 2005)
ISO 27001 helps organizations ensure information security, cybersecurity and privacy protection.
ISO 42001 Artificial Intelligence Management Systems (December 2023)
ISO 42001 helps organizations responsibly use, develop, monitor or provide products or services that use AI.
15. ISO 27001 and ISO 42001: Risk Management and Compliance
ISO standards help organizations reach their objectives by ensuring that risks to the achievement of objectives are properly treated.
• Risks dependent on the AI activities of the organization
• Information security and AI risks from the external environment
AI risk management and compliance is not only for organizations putting in place operations dependent on AI, but for any organization with vulnerabilities.
16. Putting in place ISO 42001
The ISO 42001 AI management system is designed to be a comprehensive framework that helps an organization to manage its AI operations and risks effectively.
[Diagram: the AIMS, with the elements Context, Leadership, Planning, Support, Operations, Performance Evaluation and Improvement]
19. Leadership (item 2 in the AIMS diagram)
• Leadership and commitment
• Scope of the AI Management System
• AI Policy
• Internal organization
AI Policies and Procedures
Provide management direction and support for AI systems
• AI Policy
• Alignment of Organizational Policies with AI Risks and System Objectives
• Regular Policy Review
Internal Organization
Establish accountability within the organization for AI systems
• AI roles and responsibilities
• Reporting of concerns
20. Planning (item 3 in the AIMS diagram)
• AI Systems Impact Assessment
• Management Guidance for AI System Development and Maintenance
AI System Risk and Impact Assessment
Assess risks and the impacts to those affected by AI systems
Assess risks and plan actions to respond to risks and opportunities
• AI system impact on individuals and groups
• AI system societal impact
Management Guidance for AI System Development and Maintenance
Documented Objectives and Processes
Ensure the organization implements processes for the responsible design and development of AI systems
• Documented objectives for responsible development
• Documented processes for responsible design and development
Defined Criteria and Requirements in the AI System Life Cycle
Define the criteria and requirements for each stage of the AI system life cycle
21. Management Guidance for AI System Development and Maintenance
Documented Objectives and Processes
Ensure the organization implements processes for the responsible design and development of AI systems
• Documented objectives for responsible development
• Documented processes for responsible design and development
Defined Criteria and Requirements in the AI System Life Cycle
Define the criteria and requirements for each stage of the AI system life cycle
• Requirements and Specifications
• Design and Development
• Verification and Validation
• Deployment
• Operations and Monitoring
• Technical Documentation
• Recording of Events
22. Support (item 4 in the AIMS diagram)
• Resources for AI systems
• Information for Interested Parties
Resources for AI systems
Ensure that the organization accounts for the resources of the AI system
• Data resources
• Tooling resources
• System and computing resources
• Human resources
Information for Interested Parties
Ensure interested parties have the necessary information to understand and assess the AI system's risks and their impact
• System Documentation and User Information
• External reporting
• Incident reporting
• Information for interested parties
23. Operations (item 5 in the AIMS diagram)
• Controls and Procedures
• Continuous Risk & Impact Assessment
• Data for AI Systems
• Use of AI Systems
• Third-party and Customer Relationships
Data for AI Systems
Define, document and implement data management processes related to the development of AI systems
• Acquisition
• Quality
• Provenance
• Preparation
Use of AI Systems
Ensure that the organization uses AI systems responsibly and according to organizational policies
• Responsible use of AI systems
• Intended use of the AI system
Third-party and Customer Relationships
Ensure that the organization understands its responsibilities and remains accountable, and 3rd party risks are monitored and treated
• Allocating responsibilities between supplier and customer
26. AI Management System (AIMS)
(1) Context of the Organization
• Internal and external context
• Interested Parties (Stakeholders) Analysis
(2) Leadership
• Leadership and commitment
• Scope of the AI Management System
• AI Policy
• Internal organization
(3) Planning
• AI Systems Impact Assessment
• Management Guidance for AI System Development and Maintenance
(4) Support
• Resources for AI systems
• Information for Interested Parties
(5) Operations
• Controls and Procedures
• Continuous Risk & Impact Assessment
• Data for AI Systems
• Use of AI Systems
• Third-party and Customer Relationships
(6) Performance Evaluation
• Monitoring
• Internal audit
• Management review
(7) Improvement
• Continual improvement
• Nonconformity and corrective action