Sep 03 2024

AI Risk Management

Category: AI,Risk Assessmentdisc7 @ 8:56 am

The IBM blog on AI risk management discusses how organizations can identify, mitigate, and address potential risks associated with AI technologies. AI risk management is a subset of AI governance, focusing specifically on preventing and addressing threats to AI systems. The blog outlines various types of risks—such as data, model, operational, and ethical/legal risks—and emphasizes the importance of frameworks like the NIST AI Risk Management Framework to ensure ethical, secure, and reliable AI deployment. Effective AI risk management enhances security, decision-making, regulatory compliance, and trust in AI systems.

AI risk management can help close this gap and empower organizations to harness AI systems’ full potential without compromising AI ethics or security.

Understanding the risks associated with AI systems

Like other types of security risk, AI risk can be understood as a measure of how likely a potential AI-related threat is to affect an organization and how much damage that threat would do.

While each AI model and use case is different, the risks of AI generally fall into four buckets:

  • Data risks
  • Model risks
  • Operational risks
  • Ethical and legal risks

The NIST AI Risk Management Framework (AI RMF) 

In January 2023, the National Institute of Standards and Technology (NIST) published the AI Risk Management Framework (AI RMF) to provide a structured approach to managing AI risks. The NIST AI RMF has since become a benchmark for AI risk management.

The AI RMF’s primary goal is to help organizations design, develop, deploy and use AI systems in a way that effectively manages risks and promotes trustworthy, responsible AI practices.

Developed in collaboration with the public and private sectors, the AI RMF is entirely voluntary and applicable across any company, industry or geography.

The framework is divided into two parts. Part 1 offers an overview of the risks and characteristics of trustworthy AI systems. Part 2, the AI RMF Core, outlines four functions to help organizations address AI system risks:

  • Govern: Creating an organizational culture of AI risk management
  • Map: Framing AI risks in specific business contexts
  • Measure: Analyzing and assessing AI risks
  • Manage: Addressing mapped and measured risks

For more details, visit the full article here.

Predictive analytics for cyber risks

Predictive analytics offers significant benefits in cybersecurity by allowing organizations to foresee and mitigate potential threats before they occur. Using methods such as statistical analysis, machine learning, and behavioral analysis, predictive analytics can identify future risks and vulnerabilities. While challenges like data quality, model complexity, and evolving threats exist, employing best practices and suitable tools can improve its effectiveness in detecting cyber threats and managing risks. As cyber threats evolve, predictive analytics will be vital in proactively managing risks and protecting organizational information assets.

Trust Me: ISO 42001 AI Management System is the first book about the most important global AI management system standard: ISO 42001. The ISO 42001 standard is groundbreaking. It will have more impact than ISO 9001 as autonomous AI decision making becomes more prevalent.

Why Is AI Important?

AI autonomous decision making is all around us. It is in places we take for granted such as Siri or Alexa. AI is transforming how we live and work. It becomes critical we understand and trust this prevalent technology:

“Artificial intelligence systems have become increasingly prevalent in everyday life and enterprise settings, and they’re now often being used to support human decision making. These systems have grown increasingly complex and efficient, and AI holds the promise of uncovering valuable insights across a wide range of applications. But broad adoption of AI systems will require humans to trust their output.” (Trustworthy AI, IBM website, 2024)


Trust Me – ISO 42001 AI Management System

Enhance your AI (artificial intelligence) initiatives with ISO 42001 and empower your organization to innovate while upholding governance standards.

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: AI Governance, AI Risk Management, artificial intelligence, security risk management


Feb 26 2023

10 Best selling information security risk management books

Here are some of the best-selling books on information security risk management:

  1. Security Risk Management: Building an Information Security Risk Management Program from the Ground Up” by Evan Wheeler
  2. The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice” by Jason Andress and Steven Winterfeld
  3. Security Risk Assessment: Managing Physical and Operational Security” by John M. White
  4. IT Risk: Turning Business Threats into Competitive Advantage” by George Westerman and Richard Hunter
  5. Information Security Risk Management: Understanding ISO 27001” by Alan Calder and Steve Watkins
  6. Risk Management Framework: A Lab-Based Approach to Securing Information Systems” by James Broad and Andrew Green
  7. Cybersecurity and Infrastructure Protection: Background, Policy, and Issues” by Thomas A. Johnson
  8. The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business” by Tari Schreider
  9. NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems” by National Institute of Standards and Technology
  10. Information Security: Principles and Practices” by Mark Merkow and Jim Breithaupt.

InfoSec Risk Assessment

ISO 27001/ISO 22301 RISK ASSESSMENT TOOLKIT

Tags: Security Risk Assessment, security risk management


Oct 06 2019

A CISO’s Guide to Bolstering Cybersecurity Posture

iso27032

When It Come Down To It, Cybersecurity Is All About Understanding Risk

Risk Management Framework for Information Systems

How to choose the right cybersecurity framework

Improve Cybersecurity posture by using ISO/IEC 27032
httpv://www.youtube.com/watch?v=NX5RMGOcyBM

Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture
httpv://www.youtube.com/watch?v=C8WGPZwlfj8

CSET Cyber Security Evaluation Tool – ICS/OT
httpv://www.youtube.com/watch?v=KzuraQXDqMY


Subscribe to DISC InfoSec blog by Email




Tags: cybersecurity posture, security risk management