Who it's for:
- CISOs and Chief AI Officers
- Business leaders, decision makers, and shareholders
- AI engineers, analysts, and developers
- Policymakers and regulators
- Customers and the general public
AI Organizational Responsibilities - Core Security Responsibilities
Release Date: 05/05/2024
This publication from the CSA AI Organizational Responsibilities Working Group provides a blueprint for enterprises to fulfill their core information security responsibilities pertaining to the development and deployment of Artificial Intelligence (AI) and Machine Learning (ML). Expert-recommended best practices and standards, including NIST AI RMF, NIST SSDF, NIST 800-53, and CSA CCM, are synthesized into 3 core security areas: data protection mechanisms, model security, and vulnerability management. Each responsibility is analyzed using quantifiable evaluation criteria, the RACI model for role definitions, high-level implementation strategies, continuous monitoring and reporting mechanisms, access control mapping, and adherence to foundational guardrails.
Key Takeaways:
- The components of the AI Shared Responsibility Model
- How to ensure the security and privacy of AI training data
- The significance of AI model security, including access controls, secure runtime environments, vulnerability and patch management, and MLOps pipeline security
- The significance of AI vulnerability management, including AI/ML asset inventory, continuous vulnerability scanning, risk-based prioritization, and remediation tracking
The other two publications in this series discuss the AI regulatory environment and a benchmarking model for AI resilience. By outlining recommendations across these key areas of security and compliance in 3 targeted publications, this series guides enterprises to fulfill their obligations for responsible and secure AI development and deployment.