Product Description
The aim of this book is to demonstrate the use of business-driven risk assessments to address government regulations and guidelines specific to AI risks, as AI systems often require access to personal data. All aspects of AI, machine learning models, continuous learning, generalization, and predictive and descriptive analytics are dependent on massive datasets. The more diverse and comprehensive the data, the better an AI can perform. Therefore, AI systems require vast amounts of personal data, and should this data be accessed by unauthorized individuals or organizations, it will lead to a privacy breach, which may result in personal harm to citizens, i.e., identity theft.
This book introduces the cyber risk investment model and the cybersecurity risk management framework used within business-driven risk assessments to address government regulations, industry standards, and applicable laws. It can be used by various stakeholders who are involved in the implementation of cybersecurity measures to safeguard sensitive data. This framework facilitates an organization's risk management decision-making process to demonstrate the mechanisms in place to fund cybersecurity measures and demonstrates the application of the process by showcasing two case studies.
Features:
- Aims to strengthen the reader's understanding of industry governance, AI risk, and compliance practices.
- Incorporates an innovative approach to assess business risk management specific to AI systems.
- Explores the strategic decisions made by organizations when implementing cybersecurity measures and leverages an integrated approach to include risk management elements.
About the Author
Sherita-Tara (Tara) Kissoon is a multi-certified I.T. Risk & Security Leader with twenty-five years of technology experience and twenty years of experience in the financial services industry. Tara's educational background encompasses a Master of Science (MSc) in Information Security with Upper Class Honours at the University of London, Royal Holloway College, and a Master of Business Administration (MBA) with Distinction at the University of Toronto, Rotman School of Management. Tara also holds the Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) certifications. Details are located at www.thevirtualmall.ca.