Agenda
- ISO 27001 & ISO 42001
- Risk Management & Compliance
- AI and Information Security Risks
  - Chatbot Manipulation
  - When the AI Chatbot Disparages Its Own Company
  - When Deepfake Tricks Your CFO out of $25 million
- Protection
  - Putting in Place ISO 42001
  - Security Threats Specific to AI Systems
  - The AI Security Triad
  - Risk Management and Compliance
Case Study: When Deepfake Tricks Your CFO out of $25 million
In a recent, widely reported incident, scammers used deepfake technology to deceive an employee of a multinational company, resulting in a $25 million loss. The fraudsters impersonated the company's UK-based chief financial officer on a video call with the employee; the people the employee saw and heard on that call were deepfake recreations. The incident shows how exposed organizations are to AI-driven attacks on their people and processes: a familiar face and voice on a video call can no longer be treated as proof of identity, so high-value payment instructions need verification over a separate, pre-agreed channel and approval by more than one person.
Case Study: Chatbot Manipulation
Case Study: When the AI Chatbot Disparages Its Own Company
Security Threats Specific to AI Systems
Data Poisoning
AI model data poisoning is the deliberate injection of malicious or mislabeled data into a training set to compromise the integrity or performance of the resulting model. It can be untargeted (degrade accuracy across the board) or targeted (install a backdoor that only activates on attacker-chosen inputs). A targeted poison is especially hard to notice because the model still scores well on a clean validation set, which is why training data needs integrity controls of its own.
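To make the definition concrete, here is an added example (written for this page, not PECB's or the deck's own material) of a label-flipping poison against a toy nearest-centroid classifier, together with the kind of training-data sanitisation check a practitioner would run before training. The points, the poison and the held-out test set are all constructed; in a real pipeline the same filter would run over the feature vectors of the approved dataset.

```python
"""Label-flipping data poisoning against a nearest-centroid classifier, and a
k-nearest-neighbour label-agreement filter that catches the injected points.
Every data point below is constructed for this example; nothing is measured."""
import math
from collections import Counter


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def train_centroids(data):
    """Nearest-centroid model: one mean vector per class label."""
    sums, counts = {}, Counter()
    for (x, y), label in data:
        sx, sy = sums.get(label, (0.0, 0.0))
        sums[label] = (sx + x, sy + y)
        counts[label] += 1
    return {label: (sx / counts[label], sy / counts[label])
            for label, (sx, sy) in sums.items()}


def predict(centroids, point):
    return min(centroids, key=lambda label: dist(centroids[label], point))


def accuracy(centroids, test):
    return sum(predict(centroids, p) == label for p, label in test) / len(test)


def flag_label_outliers(data, k=3):
    """Indices of training points whose label disagrees with the majority label
    of their k nearest neighbours. Catches injected points that sit in the other
    class's region; a poison cluster of more than k/2 points can out-vote its
    neighbours, so k has to exceed the poison budget you are defending against."""
    flagged = []
    for i, (point, label) in enumerate(data):
        neighbours = sorted((dist(point, q), other)
                            for j, (q, other) in enumerate(data) if j != i)
        majority = Counter(other for _, other in neighbours[:k]).most_common(1)[0][0]
        if majority != label:
            flagged.append(i)
    return flagged


# Constructed training set: class 0 clustered near (1, 1), class 1 near (5, 5).
CLEAN_TRAIN = [((0, 0), 0), ((1, 0), 0), ((0, 1), 0), ((1, 1), 0),
               ((0, 2), 0), ((2, 0), 0), ((2, 1), 0), ((1, 2), 0),
               ((4, 4), 1), ((5, 4), 1), ((4, 5), 1), ((5, 5), 1),
               ((4, 6), 1), ((6, 4), 1), ((6, 5), 1), ((5, 6), 1)]
# Poison: two points deep in class 1 territory, deliberately labelled 0.
POISON = [((8, 8), 0), ((9, 9), 0)]
# Constructed held-out test set, including points near the decision boundary.
TEST = [((1, 1), 0), ((2, 2), 0), ((0, 0), 0), ((3, 3), 1),
        ((3.5, 3.5), 1), ((4, 4), 1), ((5, 5), 1), ((6, 6), 1)]


def run_demo():
    """Accuracy before poisoning, after poisoning, and after sanitising."""
    poisoned = CLEAN_TRAIN + POISON
    flagged = flag_label_outliers(poisoned)
    sanitised = [row for i, row in enumerate(poisoned) if i not in flagged]
    return {
        "clean_accuracy": accuracy(train_centroids(CLEAN_TRAIN), TEST),
        "poisoned_accuracy": accuracy(train_centroids(poisoned), TEST),
        "flagged_indices": flagged,
        "sanitised_accuracy": accuracy(train_centroids(sanitised), TEST),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two injected points out of eighteen are enough to pull the class-0 centroid towards class 1 and misclassify the boundary cases, and the k-nearest-neighbour filter flags exactly those two. The filter is only as strong as the poison budget it assumes: a coordinated cluster larger than k/2 votes for itself, so it belongs alongside provenance controls on the data, not instead of them.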
Model Stealing
AI model stealing (model extraction) is the unauthorized copying of a trained machine learning model, either by obtaining the model files themselves or by querying a prediction API often enough to fit a functionally equivalent substitute. The motive is usually intellectual property theft, but a stolen copy also lets an attacker craft adversarial inputs offline and test them against the original at leisure.
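The query-based form of model stealing is easiest to see on a model with a closed form. The following added example (not code from the deck or from PECB) reconstructs a logistic-regression model from a prediction API that returns confidence scores, using the equation-solving attack described by Tramèr et al. (USENIX Security 2016); the endpoint, its weights and the query counter are constructed stand-ins.

```python
"""Model extraction by equation solving against a logistic-regression prediction
API that returns confidence scores (Tramèr et al., USENIX Security 2016 style).
The endpoint, its weights and the inputs are constructed for this example."""
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(p):
    """Inverse of sigmoid; clamped so a rounded 0.0 or 1.0 cannot blow up."""
    p = min(max(p, 1e-9), 1.0 - 1e-9)
    return math.log(p / (1.0 - p))


class PredictionAPI:
    """Stand-in for a hosted model. `decimals=None` leaks full-precision
    probabilities; an integer rounds the score before returning it."""

    def __init__(self, weights, bias, decimals=None):
        self._weights, self._bias, self._decimals = weights, bias, decimals
        self.queries = 0  # a real service would rate-limit and alert on this

    def predict_proba(self, x):
        self.queries += 1
        z = sum(w * xi for w, xi in zip(self._weights, x)) + self._bias
        p = sigmoid(z)
        return p if self._decimals is None else round(p, self._decimals)


def extract_logistic_model(api, n_features):
    """d + 1 queries: the zero vector gives the bias, each unit vector gives one
    weight, because logit(p) is linear in the inputs for this model class."""
    zero = [0.0] * n_features
    bias = logit(api.predict_proba(zero))
    weights = []
    for i in range(n_features):
        unit = zero.copy()
        unit[i] = 1.0
        weights.append(logit(api.predict_proba(unit)) - bias)
    return weights, bias


def max_parameter_error(true_w, true_b, rec_w, rec_b):
    return max(abs(a - b) for a, b in zip(true_w + [true_b], rec_w + [rec_b]))


TRUE_WEIGHTS, TRUE_BIAS = [1.5, -2.0, 0.75], -0.5  # constructed "proprietary" model


def run_demo():
    """Extraction error with raw scores versus scores rounded to one decimal."""
    leaky = PredictionAPI(TRUE_WEIGHTS, TRUE_BIAS)
    w, b = extract_logistic_model(leaky, 3)
    rounded = PredictionAPI(TRUE_WEIGHTS, TRUE_BIAS, decimals=1)
    w_r, b_r = extract_logistic_model(rounded, 3)
    return {
        "queries_used": leaky.queries,
        "exact_error": max_parameter_error(TRUE_WEIGHTS, TRUE_BIAS, w, b),
        "rounded_error": max_parameter_error(TRUE_WEIGHTS, TRUE_BIAS, w_r, b_r),
    }


if __name__ == "__main__":
    print(run_demo())
```

With full-precision scores, four queries recover all four parameters to floating-point accuracy. Rounding the returned score to one decimal raises the error to about 0.25 on the largest weight, but it does not stop the attack: an attacker with a larger query budget simply fits a substitute model to the rounded answers, so rounding belongs together with per-client query limits and alerting on query patterns such as unit vectors and all-zero inputs.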
Model Inversion Attacks
AI model inversion attacks exploit a model's outputs, in particular fine-grained confidence scores or predictions, to infer sensitive information about the data the model was trained on or about the individuals it scores, compromising privacy even though the attacker never sees the training set.
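Model inversion is the mirror image of the extraction above: the attacker keeps the model but wants the inputs. The following added example (constructed for this page, not from the deck or PECB) shows the attribute-inference form of the attack in the style of Fredrikson et al. (USENIX Security 2014): a linear dosing model takes age, weight and a genotype; the attacker knows age and weight, sees the dose, and enumerates the genotype. The model, its weights and the two targets are invented, and `coarsen` stands in for releasing a dose band instead of the raw prediction.

```python
"""Model inversion as attribute inference (in the style of Fredrikson et al.,
USENIX Security 2014): given a released model output plus the non-sensitive
inputs, enumerate the sensitive input and keep the values consistent with the
output. The dosing model, its weights and the targets are constructed."""


class DosingModel:
    """Constructed linear model: dose from age, weight and a genotype in {0,1,2}.
    The genotype is the sensitive attribute the attacker wants to learn."""

    def __init__(self):
        self.queries = 0

    def predict(self, age, weight, genotype):
        self.queries += 1
        return 10.0 + 0.125 * age + 0.25 * weight - 4.0 * genotype


def coarsen(value, bin_width):
    """Release only a bucketed output (for example a dose band) instead of the
    raw prediction; this is the mitigation under test."""
    return round(value / bin_width) * bin_width


def invert_sensitive_attribute(model, age, weight, observed, tolerance=1e-9):
    """Candidate genotypes whose prediction lands within `tolerance` of the
    observed output, best match first. One candidate means a clean inference;
    several means the released output no longer pins the attribute down."""
    scored = sorted((abs(model.predict(age, weight, g) - observed), g)
                    for g in (0, 1, 2))
    return [g for residual, g in scored if residual < tolerance]


# Constructed targets: (age, weight, true genotype). The attacker knows age and
# weight (e.g. from a public profile) and sees the model's dose for each person.
TARGETS = [(40, 72, 0), (44, 64, 2)]


def run_demo():
    """Inference against the raw dose, then against a 10-unit dose band."""
    model = DosingModel()
    exact, coarse = [], []
    for age, weight, genotype in TARGETS:
        dose = model.predict(age, weight, genotype)
        exact.append(invert_sensitive_attribute(model, age, weight, dose))
        banded = coarsen(dose, 10)
        coarse.append(sorted(invert_sensitive_attribute(
            model, age, weight, banded, tolerance=5)))
    return {"exact_inference": exact, "coarse_inference": coarse}


if __name__ == "__main__":
    print(run_demo())
```

Against the raw output the genotype is recovered exactly for both targets, whatever the attacker's prior. Releasing a 10-unit band leaves the first target ambiguous between two genotypes but still exposes the second, which is the general lesson: coarsening outputs narrows the attack rather than removing it, and the inference risk has to be assessed per sensitive attribute as part of the AI system impact assessment.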
The AI Security Triad
Security of AI focuses on fortifying AI systems themselves against threats: ensuring that the systems, including their data, are safeguarded from adversarial attacks such as the three above, and that their integrity and privacy are maintained. This is achieved by implementing an AI security framework.
Security with AI focuses on using AI as a tool for the defender: applying AI capabilities to existing security functions such as detection, triage and analysis, with people still making the decisions.
Security through AI employs autonomous AI agents to deliver security services with minimal human intervention.
ISO 27001 and ISO 42001
ISO 27001, Information Security Management Systems (first published October 2005), helps organizations ensure information security, cybersecurity and privacy protection.
ISO 42001, Artificial Intelligence Management Systems (published December 2023), helps organizations responsibly use, develop, monitor or provide products or services that use AI.
ISO standards help organizations reach their objectives by ensuring that risks to the achievement of those objectives are properly treated.
ISO 27001 and ISO 42001
Risk Management and Compliance
Two kinds of risk are in scope:
- risks that depend on the AI activities of the organization (the AI systems it builds, buys or operates);
- information security and AI risks from the external environment (attackers using AI against the organization, as in the deepfake case above).
AI risk management and compliance is therefore not only for organizations whose operations depend on AI, but for any organization that can be targeted with AI-enabled attacks, whether or not it uses AI itself.
Putting in place ISO 42001
The ISO 42001 AI management system (AIMS) is designed to be a comprehensive framework that helps an organization manage its AI operations and risks effectively. It uses the same high-level structure as ISO 27001, so the seven building blocks below (clauses 4 to 10 of the standard) will be familiar to anyone who has implemented an ISMS; the bullet groups under each block are the control objectives of the standard's Annex A.
1. Context of the Organization
2. Leadership
3. Planning
4. Support
5. Operations
6. AI Management System Performance Evaluation
7. Improvement
1. Context of the Organization
- Internal and external context
- Interested Parties (Stakeholders) Analysis
2. Leadership
- Leadership and commitment
- Scope of the AI Management System
- AI Policy
- Internal organization

AI Policies and Procedures
Provide management direction and support for AI systems:
- AI Policy
- Alignment of organizational policies with AI risks and system objectives
- Regular policy review

Internal Organization
Establish accountability within the organization for AI systems:
- AI roles and responsibilities
- Reporting of concerns
3. Planning
- AI Systems Impact Assessment
- Management Guidance for AI System Development and Maintenance

AI System Risk and Impact Assessment
Assess risks and the impacts to those affected by AI systems:
- Assess risks and plan actions to respond to risks and opportunities
- AI system impact on individuals and groups
- AI system societal impact

Management Guidance for AI System Development and Maintenance
Documented Objectives and Processes
Ensure the organization implements processes for the responsible design and development of AI systems:
- Documented objectives for responsible development
- Documented processes for responsible design and development
Defined Criteria and Requirements in the AI System Life Cycle
Define the criteria and requirements for each stage of the AI system life cycle:
- Requirements and specifications
- Design and development
- Verification and validation
- Deployment
- Operations and monitoring
- Technical documentation
- Recording of events
4. Support
- Resources for AI systems
- Information for Interested Parties

Resources for AI systems
Ensure that the organization accounts for the resources of the AI system:
- Data resources
- Tooling resources
- System and computing resources
- Human resources

Information for Interested Parties
Ensure interested parties have the necessary information to understand and assess the AI system's risks and their impact:
- System documentation and user information
- External reporting
- Incident reporting
- Information for interested parties
5. Operations
- Controls and Procedures
- Continuous Risk & Impact Assessment
- Data for AI Systems
- Use of AI Systems
- Third-party and Customer Relationships
Data for AI Systems
Define, document and implement data management processes related to the development of AI systems:
- Acquisition
- Quality
- Provenance
- Preparation
Provenance in particular is the control that gives you a chance of noticing a poisoned training set (see Data Poisoning above): it records where each record came from and lets you prove the set has not changed since it was approved.
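One way to make provenance checkable rather than a line in a policy, as an added example (not PECB's or the deck's code): a manifest that records a SHA-256 digest per approved training record plus an overall digest, and a verifier that reports exactly what changed. The records, the source name and the `id` field are assumptions; signing the manifest, so that whoever can edit the data cannot also re-issue the manifest, is left to the organization's existing key-management controls.

```python
"""A provenance manifest for a training set: one SHA-256 per record plus a
dataset digest, and a verifier that reports modified, missing and unexpected
records. The records and the source name are constructed for this example."""
import hashlib
import json


def record_digest(record):
    """Canonical JSON (sorted keys, no whitespace) so equal records hash equally."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def dataset_root(digests):
    """Single digest over all record digests, in id order."""
    joined = "".join(digests[k] for k in sorted(digests)).encode()
    return hashlib.sha256(joined).hexdigest()


def build_manifest(records, source, version):
    """Manifest to store (and sign) alongside the approved dataset.
    Assumes every record carries a unique `id` field."""
    digests = {str(r["id"]): record_digest(r) for r in records}
    return {"source": source, "version": version, "count": len(records),
            "records": digests, "root": dataset_root(digests)}


def verify_dataset(records, manifest):
    """Compare the dataset as it is now with the manifest it was approved against."""
    current = {str(r["id"]): record_digest(r) for r in records}
    expected = manifest["records"]
    report = {
        "modified": sorted(k for k in expected if k in current and current[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in current),
        "unexpected": sorted(k for k in current if k not in expected),
        "root_matches": dataset_root(current) == manifest["root"],
    }
    report["ok"] = report["root_matches"] and not (
        report["modified"] or report["missing"] or report["unexpected"])
    return report


# Constructed labelled records, as they might be approved for training.
APPROVED = [
    {"id": 1, "text": "reset my password", "label": "account"},
    {"id": 2, "text": "wire transfer failed", "label": "payments"},
    {"id": 3, "text": "where is my invoice", "label": "billing"},
]
MANIFEST = build_manifest(APPROVED, source="support-tickets-export", version="2024-05")


def run_demo():
    """Verification of the approved set, then of a tampered copy."""
    clean = verify_dataset(APPROVED, MANIFEST)
    tampered = [dict(r) for r in APPROVED]
    tampered[1]["label"] = "account"  # a flipped label, as in a poisoning attempt
    del tampered[2]                    # a record quietly dropped
    tampered.append({"id": 4, "text": "added after sign-off", "label": "billing"})
    return {"clean": clean, "tampered": verify_dataset(tampered, MANIFEST)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run the verifier at every hand-off along the life cycle (after acquisition, after preparation, before each training run) and log the report as one of the recorded events. A poisoned or silently dropped record then shows up as a specific record id rather than as an unexplained change in model behaviour.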
Use of AI Systems
Ensure that the organization uses AI systems responsibly and according to organizational policies:
- Responsible use of AI systems
- Intended use of the AI system

Third-party and Customer Relationships
Ensure that the organization understands its responsibilities and remains accountable, and that third-party risks are monitored and treated:
- Allocating responsibilities between supplier and customer
6. AI Management System Performance Evaluation
- Monitoring
- Internal audit
- Management review

7. Improvement
- Continual improvement
- Nonconformity and corrective action
THANK YOU
Q&A

Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance

  • 2. Agenda
     ISO 27001 & ISO 42001
     Risk Management & Compliance
     AI and Information Security Risks
     Chatbot Manipulation
     When the AI Chatbot Disparages Its Own Company
     When Deepfake Tricks Your CFO out of $25 million
     Protection
     Putting in Place ISO 42001
     Security Threats Specific to AI Systems
     The AI Security Triad
     Risk Management and Compliance
  • 3. Case Study: When Deepfake Tricks Your CFO out of $25 million In a recent case study, scammers utilized deepfake technology to deceive an employee at a multinational company, resulting in a $25 million loss. The fraudsters impersonated the company's UK-based chief financial officer and conducted a video call with the employee, all through deepfake manipulation. This incident underscores the vulnerability of organizations to AI-driven cyber threats.
  • 8. Case Study: When the AI Chatbot Disparages Its Own Company
  • 10. Case Study: When the AI Chatbot Disparages Its Own Company
  • 12. Security Threats Specific to AI Systems
     Data Poisoning: AI model data poisoning is the deliberate injection of malicious or deceptive data into training sets, aimed at compromising the integrity or performance of machine learning models.
     Model Stealing: AI model stealing involves unauthorized access to or replication of a trained machine learning model, often for illicit purposes such as intellectual property theft or model replication without proper authorization.
     Model Inversion Attacks: AI model inversion attacks involve exploiting a machine learning model's output to infer sensitive information about the training data it was trained on, potentially compromising privacy or security.
  • 13. The AI Security Triad
     Security of AI focuses on fortifying AI systems themselves against threats. It's about ensuring that these systems, including their data, are safeguarded from adversarial attacks, and their integrity and privacy are maintained. This is achieved via implementation of the AI Security Framework.
     Security with AI focuses on fortifying AI systems themselves against threats. It's about ensuring that these systems, including their data, are safeguarded from adversarial attacks, and their integrity and privacy are maintained.
     Security through AI employs autonomous AI agents to deliver security services with minimal human intervention.
  • 14. ISO 27001 and ISO 42001
     ISO 27001, Information Security Management Systems (October 2005): helps organizations ensure information security, cybersecurity and privacy protection.
     ISO 42001, Artificial Intelligence Management Systems (December 2023): helps organizations responsibly use, develop, monitor or provide products or services that use AI.
  • 15. ISO 27001 and ISO 42001: Risk Management and Compliance
    ISO standards help organizations reach their objectives by ensuring that risks to the achievement of objectives are properly treated.
     Risks dependent on the AI activities of the organization
     Information security and AI risks from the external environment
    AI risk management and compliance is not only for organizations putting in place operations dependent on AI, but for any organization with vulnerabilities.
  • 16. Putting in place ISO 42001: The ISO 42001 AI management system is designed to be a comprehensive framework that helps an organization to manage its AI operations and risks effectively. (Cycle diagram: Context, Leadership, Planning, Support, Operations, AIMS Performance Evaluation, Improvement.)
  • 17. Structure of the AI Management System
     1 Context of the Organization
     2 Leadership
     3 Planning
     4 Support
     5 Operations
     6 AI Management System Performance Evaluation
     7 Improvement
  • 18. Context of the Organization (1)
     Internal and external context
     Interested Parties (Stakeholders) Analysis
  • 19. Leadership (2)
     Leadership and commitment
     Scope of the AI Management System
     AI Policy
     Internal organization
    AI Policies and Procedures: provide management direction and support for AI systems
     AI Policy
     Alignment of Organizational Policies with AI Risks and System Objectives
     Regular Policy Review
    Internal Organization: establish accountability within the organization for AI systems
     AI roles and responsibilities
     Reporting of concerns
  • 20. Planning (3)
     AI Systems Impact Assessment
     Management Guidance for AI System Development and Maintenance
    AI System Risk and Impact Assessment: assess risks and the impacts to those affected by AI systems
     Assess risks and plan actions to respond to risks and opportunities
     AI system impact on individuals and groups
     AI system societal impact
  • 21. Management Guidance for AI System Development and Maintenance
    Documented Objectives and Processes: ensure the organization implements processes for the responsible design and development of AI systems
     Documented objectives for responsible development
     Documented processes for responsible design and development
    Defined Criteria and Requirements in the AI System Life Cycle: define the criteria and requirements for each stage of the AI system life cycle
     Requirements and Specifications
     Design and Development
     Verification and Validation
     Deployment
     Operations and Monitoring
     Technical Documentation
     Recording of Events
  • 22. Support (4)
     Resources for AI systems
     Information for Interested Parties
    Resources for AI systems: ensure that the organization accounts for the resources of the AI system
     Data resources
     Tooling resources
     System and computing resources
     Human resources
    Information for Interested Parties: ensure interested parties have the necessary information to understand and assess the AI system's risks and their impact
     System Documentation and User Information
     External reporting
     Incident reporting
     Information for interested parties
  • 23. Operations (5)
     Controls and Procedures
     Continuous Risk & Impact Assessment
     Data for AI Systems
     Use of AI Systems
     Third-party and Customer Relationships
    Data for AI Systems: define, document and implement data management processes related to the development of AI systems
     Acquisition
     Quality
     Provenance
     Preparation
    Use of AI Systems: ensure that the organization uses AI systems responsibly and according to organizational policies
     Responsible use of AI systems
     Intended use of the AI system
    Third-party and Customer Relationships: ensure that the organization understands its responsibilities and remains accountable, and third-party risks are monitored and treated
     Allocating responsibilities between supplier and customer
  • 24. AI Management System Performance Evaluation (6)
     Monitoring
     Internal audit
     Management review
  • 26. Overview of the AI Management System
    1 Context of the Organization
     Internal and external context
     Interested Parties (Stakeholders) Analysis
    2 Leadership
     Leadership and commitment
     Scope of the AI Management System
     AI Policy
     Internal organization
    3 Planning
     AI Systems Impact Assessment
     Management Guidance for AI System Development and Maintenance
    4 Support
     Resources for AI systems
     Information for Interested Parties
    5 Operations
     Controls and Procedures
     Continuous Risk & Impact Assessment
     Data for AI Systems
     Use of AI Systems
     Third-party and Customer Relationships
    6 AI Management System Performance Evaluation
     Monitoring
     Internal audit
     Management review
    7 Improvement
     Continual improvement
     Nonconformity and corrective action