topic Security baseline for AI in Tech Talk https://community.isc2.org/t5/Tech-Talk/Security-baseline-for-AI/m-p/86572#M5265 <P>The Canadian Centre for Cyber Security just released some guidance on Security for AI.</P><P>&nbsp;</P><P><A href="https://www.cyber.gc.ca/en/guidance/generative-artificial-intelligence-ai-itsap00041" target="_blank">https://www.cyber.gc.ca/en/guidance/generative-artificial-intelligence-ai-itsap00041</A></P><P>&nbsp;</P><P>I feel this is a great baseline to build on.</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Wed, 17 Dec 2025 21:04:24 GMT dcontesti 2025-12-17T21:04:24Z Security baseline for AI https://community.isc2.org/t5/Tech-Talk/Security-baseline-for-AI/m-p/86572#M5265 <P>The Canadian Centre for Cyber Security just released some guidance on Security for AI.</P><P>&nbsp;</P><P><A href="https://www.cyber.gc.ca/en/guidance/generative-artificial-intelligence-ai-itsap00041" target="_blank">https://www.cyber.gc.ca/en/guidance/generative-artificial-intelligence-ai-itsap00041</A></P><P>&nbsp;</P><P>I feel this is a great baseline to build on.</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>d</P><P>&nbsp;</P> Wed, 17 Dec 2025 21:04:24 GMT https://community.isc2.org/t5/Tech-Talk/Security-baseline-for-AI/m-p/86572#M5265 dcontesti 2025-12-17T21:04:24Z Re: Security baseline for AI https://community.isc2.org/t5/Tech-Talk/Security-baseline-for-AI/m-p/86582#M5267 <P>My thoughts? The Canadian guidance (ITSAP.00.041) is a high-level awareness document, useful for non-technical audiences, but insufficient for cybersecurity and IT professionals seeking deep, operational guidance.&nbsp;&nbsp;<SPAN>It's adequate for awareness – It clearly defines generative AI, high-level risks (e.g., hallucinations, bias, misinformation), and broad mitigation strategies.<BR /><BR /></SPAN></P><P>However, it's weak for practitioners – Lacks specifics on:</P><UL><LI>Secure prompt engineering or guardrails</LI><LI>Detailed threat models (e.g., prompt injection, model poisoning)</LI><LI>Platform hardening, logging, secure deployment patterns</LI><LI>Nothing on operationalizing controls or threat detection</LI></UL><P>For practical, security-heavy GenAI adoption, folks should reference:<BR /><BR /></P><UL><LI>NIST AI RMF + GenAI Profile + Cyber AI Profile</LI><LI>MITRE SAFE‑AI &amp; ATLAS</LI><LI>OWASP GenAI Top 10</LI><LI>CSA Prompt Guardrails</LI><LI>ISO 42001 (governance)</LI><LI>EU AI Act (high-risk model requirements)</LI></UL><P>Just my two-cents.&nbsp;&nbsp;</P><P>Cheers!</P> Thu, 18 Dec 2025 04:40:39 GMT https://community.isc2.org/t5/Tech-Talk/Security-baseline-for-AI/m-p/86582#M5267 riffjim4069 2025-12-18T04:40:39Z