Download Publication
Who it's for:
- CISOs and Chief AI Officers
- Business leaders, decision makers, and shareholders
- AI engineers, analysts, and developers
- Policymakers and regulators
- Customers and the general public
AI Organizational Responsibilities - Core Security Responsibilities
Release Date: 05/05/2024
This publication from the CSA AI Organizational Responsibilities Working Group provides a blueprint for enterprises to fulfill their core information security responsibilities pertaining to the development and deployment of Artificial Intelligence (AI) and Machine Learning (ML). Expert-recommended best practices and standards, including NIST AI RMF, NIST SSDF, NIST 800-53, and CSA CCM, are synthesized into 3 core security areas: data protection mechanisms, model security, and vulnerability management. Each responsibility is analyzed using quantifiable evaluation criteria, the RACI model for role definitions, high-level implementation strategies, continuous monitoring and reporting mechanisms, access control mapping, and adherence to foundational guardrails.
Key Takeaways:
- The components of the AI Shared Responsibility Model
- How to ensure the security and privacy of AI training data
- The significance of AI model security, including access controls, secure runtime environments, vulnerability and patch management, and MLOps pipeline security
- The significance of AI vulnerability management, including AI/ML asset inventory, continuous vulnerability scanning, risk-based prioritization, and remediation tracking
The other two publications in this series discuss the AI regulatory environment and a benchmarking model for AI resilience. By outlining recommendations across these key areas of security and compliance in 3 targeted publications, this series guides enterprises to fulfill their obligations for responsible and secure AI development and deployment.
Download this Resource
Are you a research volunteer? Request to have your profile displayed on the website here.