
AI security standard at FDIS

  • Feb 20

Updated: Mar 12



Having now reached Final Draft International Standard stage, ISO/IEC 27090 "Guidance for addressing security threats and compromises to artificial intelligence systems" is on track for publication later this year, hopefully.


This is a timely standard, given the explosion of AI-with-everything at the moment. Hopefully it will prompt smart (and not-so-smart!) organisations to think carefully about the information risks associated with their use of AI, prioritising the most significant risks for urgent action.


By the way, 'their use of AI' means more than just delving into the design and implementation of technological or cybersecurity controls: other factors at least as important include whether to use AI at all, how, under which circumstances and in what manner. In other words, there are business and tech strategy, policy, governance, management, conformity, compliance, assurance and accountability aspects to this. Whereas ISO/IEC 27090 mostly concerns cybersecurity (meaning technological controls addressing deliberate attacks), there are numerous (more than 100!) cited references to standards, academic studies and guidance addressing other aspects.


For instance, given the risks, how can inappropriate AI decisions, actions or content be caught in time before serious incidents occur? Since preventive controls cannot be entirely relied upon, what about detection, recovery and resilience controls?


Q: How many teeshirts screenprinted with amusing but inept genAI outputs would we need to sell to offset the damage caused to our brand by AI-related incidents?

A: Raise ten to a large power ...

 
 
 

4 Comments




Moxmedd Alli
Apr 13

Interesting point. The new ISO/IEC 27090 actually comes at exactly the right moment, because AI is now really being applied everywhere without everyone properly considering the risks. Indeed, it is not only about technical security but also about choices at the strategic level: when you do or do not use AI.

What you say about governance and accountability is also important. Many organisations focus only on tools but forget policy and internal processes. In the Netherlands you see companies slowly taking these kinds of standards more seriously, especially now that regulation is also becoming stricter.

I think such a standard mainly helps to bring structure to something that is still growing rather chaotically. Not everything has to be perfect right away, but dealing consciously…



© 2026 IsecT Limited 

 
