https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58078#M834 <P>I personally do not think that&nbsp;<SPAN>embedding it in risk management or best practises should change the way that you currently do that for any other technology/process/application.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>As with any "new" technology, you must determine the risk to your organisation and then implement adequate security.</SPAN></P><P>&nbsp;</P><P><SPAN>Where I see the largest risk to AI of any sort could be the bi-directional flow of information.&nbsp; Much like Cloud Security, one needs to know if they (their firm) are uploading anything to anyplace what protocols are in place.</SPAN></P><P>&nbsp;</P><P><SPAN>Another risk that I see and believe could harm a corporation is plagiarism and privacy (not sure where you are but there are many regulations that need to be taken into account.</SPAN></P><P>&nbsp;</P><P><SPAN>So I would do the following:</SPAN></P><P>&nbsp;</P><DIV class=""><STRONG>Identify the risks</STRONG></DIV><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;</P><P>Assess the security threats (malware/ransomware, accidents. natural disaster and other.&nbsp;</P><P>&nbsp;</P></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><P><STRONG>Analysis</STRONG> <STRONG>and assess the risks</STRONG></P><P>&nbsp;</P><P>What is the probability? and what could the potential income be?</P><P>&nbsp;</P><P>&nbsp;<STRONG>Mitigate and monitor the&nbsp;<SPAN>Risk&nbsp;</SPAN></STRONG></P><P>&nbsp;</P><P><SPAN>&nbsp;Plan and develop options to reduce the threats</SPAN></P><P>&nbsp;</P><P><STRONG><SPAN>Determine the strategy that works for your organization</SPAN></STRONG></P><P>&nbsp;</P><P>- Avoidance</P><P>- Reduction</P><P>- Sharing - not typical in financial situations</P><P>- Transference</P><P>- Acceptance.</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><P>Others?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV> Sun, 26 Mar 2023 19:34:02 GMT dcontesti 2023-03-26T19:34:02Z https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58056#M831 <P>I'd like to know how Artificial Intelligence risks could be embedded in risk management practises, taxonomy and best practises for managing AI cyber/tech risks specially financial sector</P> Sat, 25 Mar 2023 01:27:47 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58056#M831 rami99 2023-03-25T01:27:47Z https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58078#M834 <P>I personally do not think that&nbsp;<SPAN>embedding it in risk management or best practises should change the way that you currently do that for any other technology/process/application.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>As with any "new" technology, you must determine the risk to your organisation and then implement adequate security.</SPAN></P><P>&nbsp;</P><P><SPAN>Where I see the largest risk to AI of any sort could be the bi-directional flow of information.&nbsp; Much like Cloud Security, one needs to know if they (their firm) are uploading anything to anyplace what protocols are in place.</SPAN></P><P>&nbsp;</P><P><SPAN>Another risk that I see and believe could harm a corporation is plagiarism and privacy (not sure where you are but there are many regulations that need to be taken into account.</SPAN></P><P>&nbsp;</P><P><SPAN>So I would do the following:</SPAN></P><P>&nbsp;</P><DIV class=""><STRONG>Identify the risks</STRONG></DIV><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;</P><P>Assess the security threats (malware/ransomware, accidents. natural disaster and other.&nbsp;</P><P>&nbsp;</P></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><P><STRONG>Analysis</STRONG> <STRONG>and assess the risks</STRONG></P><P>&nbsp;</P><P>What is the probability? and what could the potential income be?</P><P>&nbsp;</P><P>&nbsp;<STRONG>Mitigate and monitor the&nbsp;<SPAN>Risk&nbsp;</SPAN></STRONG></P><P>&nbsp;</P><P><SPAN>&nbsp;Plan and develop options to reduce the threats</SPAN></P><P>&nbsp;</P><P><STRONG><SPAN>Determine the strategy that works for your organization</SPAN></STRONG></P><P>&nbsp;</P><P>- Avoidance</P><P>- Reduction</P><P>- Sharing - not typical in financial situations</P><P>- Transference</P><P>- Acceptance.</P><P>&nbsp;</P><DIV class=""><DIV class=""><DIV class=""><P>Others?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><DIV class=""><P>&nbsp;&nbsp;</P></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV></DIV> Sun, 26 Mar 2023 19:34:02 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58078#M834 dcontesti 2023-03-26T19:34:02Z https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58227#M837 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;</P><P>&nbsp;</P><P>My thoughts are how the AI ladder works, if you understand how the data is gathered, cleansed and formatted, you have a good idea of how the process is meant to work.</P><P>&nbsp;</P><P>I strongly suggest a good set of Governance principles and ethics are applied through the organisation itself, this will greatly help everyone use it wisely, and carefully.</P><P>&nbsp;</P><P>Understanding how bias, can be incorporated into the developers mindset, will help you test the outputs and ensure you really a gathering good data, and validating and testing it.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 02 Apr 2023 06:29:53 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Artificial-Intelligence-Risks/m-p/58227#M837 Caute_cautim 2023-04-02T06:29:53Z