TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
1. Governance and Cybersecurity for Artificial Intelligence
SARWONO SUTIKNO, DR. ENG.
PUBLIC LECTURE – ITERA
THURSDAY, 25 APRIL 2024
V022
11. CyberSecurity Skills Gap
ISACA researchers identified several core challenges, 2020:
• Shortage of qualified candidates
• Skills gap
• Attrition
• Unrealistic requirements
• Low salaries
• Lack of commitment to training
13.
• Cybersecurity (https://s.id/WEF-Cybersecurity)
• Artificial Intelligence (https://s.id/WEF-AI):
• AI for What Purpose? https://s.id/WEF-AIfWPurp
• Generative AI https://s.id/WEF-GenAI
• Bias and Fairness in AI Algorithms https://s.id/WEF-BiasAI
• AI and the Future Jobs https://s.id/WEF-AIFJob
• Can AI Overcome Its Limitations?
• The Geopolitical Impacts of AI
• Operationalizing Responsible AI https://s.id/WEF-OpRespAI
• AI, Diversity, and Inclusion
14. AI for What Purpose?
• Corporate Governance
• Justice and Law
• Ocean
• Mobility
• Science
• Digital Identity
• Health and Healthcare
• International Security
• Agile Governance
• Global Governance
• Values
• Global Risks
• Systemic Racism
• Human Rights
• The Digital Economy
• Education
https://s.id/WEF-AIfWPurp
15. Generative AI
• Fourth Industrial Revolution
• Education
• Future of Work
• Economic Progress
• Arts and Culture
• Civic Participation
• Health and Healthcare
• Internet Governance
• Media, Entertainment and Sport
https://s.id/WEF-GenAI
17. AI and the Future Jobs:
• Fourth Industrial Revolution
• Human Rights
• Entrepreneurship
• The Digital Economy
• Education
• Future of Work
• Advanced Manufacturing
• Mental Health
• Economic Progress
• Mining and Metals
• Media, Entertainment and Sport
https://s.id/WEF-AIFJob
18. Operationalizing Responsible AI:
• Fourth Industrial Revolution
• The Digital Economy
• Education
• Future of Work
• Corporate Governance
• Justice and Law
• Agile Governance
• Leadership
• Global Governance
https://s.id/WEF-OpRespAI
27. PP60/2008 Government Internal Control System – COSO, COSO ERM:
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring of internal control
COBIT 2019 – COBIT Focus for Information and Technology Risk
SNI ISO 27001 Information Security Management System series
MITRE ATT&CK
=====
Indonesia's current state
28. PP60/2008 Government Internal Control System – COSO, COSO ERM:
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring of internal control
COBIT 2019 – COBIT Focus for Information and Technology Risk
SNI ISO 27001 Information Security Management System series
MITRE ATT&CK
=====
• SNI ISO/IEC TR 29119-11:2020 Software and systems engineering — Software testing — Part 11: Guidelines on the testing of AI-based systems
• ISO/IEC 42001:2023 - Information technology - Artificial intelligence - Management system
• ISO/IEC 23894:2023 - Information technology - Artificial intelligence - Guidance on risk management
• SNI ISO/IEC 23053:2022 - Framework for Artificial Intelligence (AI) Systems Using Machine Learning (ML)
• RSNI ISO/IEC 22989:2022 - Artificial intelligence concepts and terminology
• SNI ISO/IEC 38507:2022 Governance of IT - Governance implications of the use of artificial intelligence by organizations
Indonesia's current state + proposal
29. Combining COSO ERM, COBIT 2019, SAIF, the ISO/IEC 27001 family, and MITRE ATLAS
Strengths of the Combined Framework:
• Complementary Focus: Each framework addresses a distinct aspect of AI security, creating a layered approach:
• COSO ERM: Identifies AI-related risks within the broader enterprise risk landscape.
• COBIT 2019: Provides IT governance best practices for developing and deploying AI systems securely.
• SAIF (Google Secure AI Framework): Guides securing AI systems themselves, addressing unique AI risks.
• ISO 27001: Defines a structured method for implementing security controls for AI systems.
• MITRE ATLAS: Offers a knowledge base of adversarial tactics, techniques, and case studies (TT&Cs) specifically ta
• Benefits:
• Comprehensive Security: Addresses a wide range of AI security concerns, from enterprise risk to technical contro
• Aligned with Business Goals: COBIT 2019 ensures AI development aligns with business objectives.
• Structured Approach: ISO 27001 provides a structured method for implementing security controls.
• Focus on AI-Specific Risks: SAIF tackles unique security challenges posed by AI systems.
• Proactive Defense: MITRE ATLAS helps anticipate and prevent potential attacks on AI systems.