Generative AI and ChatGPT Enterprise Risks
HTML-код
- Опубликовано: 16 июл 2024
- SANS AI Cybersecurity Summit 2023
Speaker: David B. Cross, CISO, Oracle Cloud
Gadi Evron, CISO-in-Residence, Team8
With Generative AI, and ChatGPT specifically, our industry finds itself behind the technology adoption curve, while employees and business units rapidly adopting the technology.
Key questions CISOs are asking: Who is using the technology in my organization, and for what purpose? How can I protect enterprise information (data) when employees are interacting with GenAI? How can I manage the security risks of the underlying technology? How do I balance the security tradeoffs with the value the technology offers?
In this talk, we will deep-dive into enterprise security risks, threats, and impacts stemming from GenAI, examine how these can be effectively managed, walk through considerations in developing enterprise policy on the topic, and provide examples to that end.
We'll also touch on threat modeling GenAI, discuss how to hold a conversation with product teams and other stakeholders, and raise non-security risks such as legal and regulatory concerns. Lastly, we will provide a sample policy, along with a paper by the same name written with 80 CISOs, released on April 20th.
Takeaways:
- Understanding GenAI enterprise security risks, threats, and impacts.
- Considerations in building a GenAI policy, where it is and isn't necessary, and Risk Exceptions based on Risk Appetite.
- What a threat model for GenAI looks like.
- An understanding of some non-security risks, such as legal and regulatory.
- Heys to having productive conversations with product teams and other stakeholders.
View upcoming Summits: www.sans.org/u/DuS 
Наука
