An examination of AI Policy Frameworks: the NIST AI RMF and others
In recent years, especially with both the impact of ChatGPT and AI artwork, artificial intelligence has come to the forefront for many people. And this includes cybersecurity, especially as people wonder how it may affect them, especially if it takes their jobs! In light of this, many have started working on frameworks that can be applied to AI. NIST, maybe better known for things such as the cybersecurity and privacy frameworks and the like, has in recent years involved itself in AI, in part due to an executive order. This has included the creation of the AI Risk Management Framework (AI RMF), which was rolled out early last year. This framework is intended to help incorporate “trustworthiness” considerations into the design, development, use, and evaluation of AI products, services, and systems. Nor are they alone in this, as there are similar works coming from other countries as well as from international organizations such as ISO/IEC and OECD. With this presentation we will focus on the NIST AI RMF, how it is structured and how it may be used, as well as reviewing the many AI related resources at NIST. We will touch on some of the other frameworks, many of which are already tied with the AI RMF. For any wanting to understand how AI may be improved, understanding these control frameworks may help.
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG. GSNA, is an information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP.