top of page
AI


AI security standard 27090
Earlier today I blogged about the tedium and risks of ISO's slow processes, both consequences of the effort needed to align all those involved in standardisation and produce worthwhile, generally-acceptable standards. Here's another topical example. ISO/IEC 27090 "Cybersecurity — Artificial Intelligence — Guidance for addressing security threats and compromises to artificial intelligence systems" is at FDIS stage and will hopefully emerge from the sausage machine "soon-as", m
Jun 62 min read


AI security standard at FDIS
Having now reached F inal D raft I nternational S tandard stage, ISO/IEC 27090 " Guidance for addressing security threats and compromises to artificial intelligence systems " is on-track for publication later this year, hopefully. This is a timely standard, giving the explosion of AI-with-everything at the moment. Hopefully it will prompt smart (and not-so-smart!) organisations to think carefully about the information risks associated with their use of AI, prioritising the
Feb 201 min read


Stakeholding adversaries
I'm intrigued by the notion of 'adversaries' being classed and treated as 'stakeholders' for risk management purposes. Adversaries' interests, concerns, requirements and expectations are (on the whole) diametrically opposed to the organisation's and its more conventional stakeholders. However, as with all stakeholders ( e.g . owners, workers, partners, suppliers, customers, authorities, communities, society ...), they are willing to invest in achieving the outcomes they desir
Dec 23, 20252 min read


ISO 27799 updated - health infosec controls
ISO/TC 215 has updated ISO 27799 to reflect ISO/IEC 27002:2022 , omitting the previous edition's content re ISO/IEC 27001 . The standard now concentrates on the implementation of organisational, people, physical and technological controls within the healthcare industry.
Dec 19, 20251 min read
bottom of page
