In today’s rapidly evolving world, where Artificial Intelligence (AI) not only drives innovation but also presents unique challenges and opportunities, staying ahead means being informed. Amongst others, the webinar covers: • ISO/IEC 27001 and ISO/IEC 42001 and their key components • Latest trends in AI Governance • Ethical AI practices • Benefits of Certification Presenters: Jeffrey Bankard - Cybersecurity & AI Leader, AI Management Systems: ISO/IEC 42001 Jeffrey provides executive leadership for AI product creation through the product incubation unit (PIU). Ensures the timely delivery of AI consulting engagements through cross-functional teams comprised of senior information and network security leaders to establish strategic goals for improving the security architecture and risk posture for clients. Consults with business leaders to define key performance indicators and service levels. Fosters employee development through mentoring and coaching. Decides how to achieve results within the organization’s strategic plans, policies, and guidelines. Develops new products and secures those products through current AI security guidelines (ISO 42001). Adrian Resag - Experienced in Risk and Control - ISO/IEC 27001 and ISO/IEC 42001 Adrian believes a stimulating career can span many disciplines and that leading organizations value versatile professionals. He has enjoyed managing teams spanning the globe by working in world-leading organizations as Chief Audit Executive, Head of Risk Management, Information Systems Auditor, Head of Internal Control, as a consultant, a statutory auditor and an accountant. To allow such a diverse career, his approach has been to pursue certifications in many fields (making him one of the most qualified and certified in some of them). He has written books and created professional certifications in audit & assurance and compliance & ethics, and teaches in subjects from information security to risk management. With a passion for education, Adrian founded an educational institution and has taught tens of thousands of students and professionals online, in companies, universities and in governmental organizations. Date: February 28, 2024 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: ISO/IEC 27001 Information Security Management System - EN | PECB ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ YouTube video: https://youtu.be/DujXaxBhhRk

2. Agenda
ISO 27001 & ISO 42001
Risk Management
& Compliance
AI and Information
Security Risks
Chatbot Manipulation
When the AI Chatbot
Disparages Its Own Company
When Deepfake Tricks Your
CFO out of $25 million
Protection
Putting in Place
ISO 42001
Security Threats
Specific to AI Systems
The AI
Security Triad
Risk
Management
and Compliance

3. Case Study:
When Deepfake Tricks Your CFO out of $25 million
In a recent case study, scammers utilized deepfake
technology to deceive an employee at a
multinational company, resulting in a $25 million
loss. The fraudsters impersonated the company's
UK-based chief financial officer and conducted a
video call with the employee, all through deepfake
manipulation. This incident underscores the
vulnerability of organizations to AI-driven cyber
threats.

4. Case Study:
Chatbot Manipulation

6. Case Study:
Chatbot Manipulation

8. Case Study:
When the AI Chatbot Disparages Its Own Company

10. Case Study:
When the AI Chatbot Disparages Its Own Company

12. Security Threats Specific to AI Systems
Data Poisoning
AI model data poisoning is the deliberate
injection of malicious or deceptive data into
training sets, aimed at compromising the
integrity or performance of machine
learning models.
Model Stealing
AI model stealing involves unauthorized access
to or replication of a trained machine learning
model, often for illicit purposes such as
intellectual property theft or model replication
without proper authorization.
Model Inversion Attacks
AI model inversion attacks involve exploiting
a machine learning model's output to infer
sensitive information about the training data it
was trained on, potentially compromising
privacy or security.

13. The AI Security Triad
Security of AI focuses on
fortifying AI systems themselves
against threats. It's about ensuring that
these systems, including their data, are
safeguarded from adversarial attacks,
and their integrity and privacy are
maintained. This is achieved via
implementation of the AI Security
Framework.
Security with AI focuses on
fortifying AI systems themselves against
threats. It's about ensuring that these
systems, including their data, are
safeguarded from adversarial attacks, and
their integrity and privacy are maintained.
Security through AI employs
autonomous AI agents to deliver security
services with minimal human intervention.

14. ISO 27001 helps organizations
ensure information security,
cybersecurity and privacy protection.
ISO 27001 and ISO 42001
ISO 27001 Information Security
Management Systems
ISO 42001 helps organizations
responsibly use, develop, monitor or
provide products or services that
use AI.
ISO 42001 Artificial Intelligence
Management Systems
October
2005
December
2023

15. ISO standards help organizations reach their
objectives by ensuring that risks to the
achievement of objectives are properly treated.
ISO 27001 and ISO 42001
Risk Management and Compliance
Risks dependent
on the AI activities
of the organization
Information security
and AI risks from the
external environment
AI risk management and compliance is
not only for organizations putting in place
operations dependent on AI, but for any
organization with vulnerabilities.

16. Putting in place ISO 42001
Improvement
AIMS
Performance
Evaluation
Support
Operations
Leadership
Planning
Context The ISO 42001 AI
management system is
designed to be a
comprehensive framework
that helps an organization
to manage its AI operations
and risks effectively.

17. Leadership
Planning
Context
Support
Operations
AIMS
Performance
Evaluation
Improvement
Context of the Organization
1
Leadership
2
Planning
3
Operations
5
AI Management System
Performance Evaluation
6
Improvement
7
Support
4

18. Leadership
Planning
Context
Context of the Organization
1  Internal and external context
 Interested Parties (Stakeholders) Analysis

19. Leadership
Planning
Context
Support
Leadership
2
AI Policies and Procedures
Provide management direction and support for AI systems
 AI Policy
 Alignment of Organizational Policies with AI Risks and System Objectives
 Regular Policy Review
Internal Organization
Establish accountability within the organization for AI systems
 AI roles and responsibilities
 Reporting of concerns
 Leadership and commitment
 Scope of the AI Management System
 AI Policy
 Internal organization

20. Planning
Support
Operations
Planning
3  AI Systems Impact Assessment
 Management Guidance for AI System
Development and Maintenance
AI System Risk and Impact Assessment
Assess risks and the impacts to those affected by AI systems
 Assess risks and plan actions to respond to risks and opportunities
 AI system impact on individuals and groups
 AI system societal impact
Management Guidance for AI System
Development and Maintenance
Documented Objectives and Processes
Ensure the organization implements processes for the
responsible design and development of AI systems
 Documented objectives for responsible development
 Documented processes for responsible design and development
Defined Criteria and Requirements in the AI System Life Cycle
Define the criteria and requirements for each stage of the AI system life cycle

21. Management Guidance for AI System
Development and Maintenance
Documented Objectives and Processes
Ensure the organization implements processes for the
responsible design and development of AI systems
 Documented objectives for responsible development
 Documented processes for responsible design and development
Defined Criteria and Requirements in the AI System Life Cycle
Define the criteria and requirements for each stage of the AI system life cycle
Requirements
and
Specifications
Design and
Development
Verification
and Validation
Deployment
Operations
and
Monitoring
Technical
Documentation
Recording of
Events

22. Leadership
Planning
Context
Support
Support
4
 Resources for AI systems
 Information for Interested Parties
Resources for AI systems
Ensure that the organization accounts for the resources of the AI system
 Data resources
 Tooling resources
 System and computing resources
 Human resources
Information for Interested Parties
Ensure interested parties have the necessary information to
understand and assess the AI system's risks and their
impact
 System Documentation and User Information
 External reporting
 Incident reporting
 Information for interested parties

23. Planning
Support
Operations Operations
5
 Controls and Procedures
 Continuous Risk & Impact Assessment
 Data for AI Systems
 Use of AI Systems
 Third-party and Customer Relationships
Data for AI Systems
Define, document and implement data management processes
related to the development of AI systems
 Acquisition
 Quality
 Provenance
 Preparation
Use of AI Systems
Ensure that the organization uses AI systems responsibly and
according to organizational policies
 Responsible use of AI systems
 Intended use of the AI system
Third-party and Customer Relationships
Ensure that the organization understands its responsibilities and
remains accountable, and 3rd party risks are monitored and treated
 Allocating responsibilities between supplier and customer

24. AIMS
Performance
Evaluation
AI Management System
Performance Evaluation
6
 Monitoring
 Internal audit
 Management review

25. AIMS
Improvement
Improvement
7
 Continual improvement
 Nonconformity and
corrective action

26. Leadership
Planning
Context
Support
Operations
AIMS
Performance
Evaluation
Improvement
Context of the Organization
 Internal and external context
 Interested Parties (Stakeholders) Analysis
1
Leadership
 Leadership and commitment
 Scope of the AI Management System
 AI Policy
 Internal organization
2
Planning
 AI Systems Impact Assessment
 Management Guidance for AI System
Development and Maintenance
3
Operations
 Controls and Procedures
 Continuous Risk & Impact Assessment
 Data for AI Systems
 Use of AI Systems
 Third-party and Customer Relationships
5
AI Management System
Performance Evaluation
 Monitoring
 Internal audit
 Management review 6
Improvement
 Continual improvement
 Nonconformity and
corrective action
7
Support
 Resources for AI systems
 Information for Interested Parties
4

27. THANK YOU
Q&A