Home
We've seen AI/GenAI arrive as a capability enhancer to existing products/platforms/apps/etc. To what extent should an organization be proactive and aware of existing or pending "AI" capabilities that otherwise "just arrive" to users. Are organizations now profiling each deployed commercial product/platform/app ? And once known, are these commercial products/platforms/apps designed to disable AI/GenAI features? Could there be a better way - such as having an extended "AI" profile on the FedRAMP marketplace (or equivalent) ? Thoughts ?

We've seen AI/GenAI arrive as a capability enhancer to existing products/platforms/apps/etc. To what extent should an organization be proactive and aware of existing or pending "AI" capabilities that otherwise "just arrive" to users. Are organizations now profiling each deployed commercial product/platform/app ? And once known, are these commercial products/platforms/apps designed to disable AI/GenAI features? Could there be a better way - such as having an extended "AI" profile on the FedRAMP marketplace (or equivalent) ? Thoughts ?

1.3k views1 Upvote2 Comments

Sort By:

Oldest

Director, Global Intelligent Automation CoE in Manufacturing2 months ago

Below points can help with effectively managing AI/GenAI integrations.
Proactive Monitoring: Ensures risks are managed, compliance is maintained, and benefits are optimized.
Profiling Deployed Products: Identifies AI/GenAI integration, unintended functionalities, and impacts on security and user experience.
Disabling AI/GenAI Features: Aligns technology use with policies and regulatory requirements.
Better Approaches (Extended “AI” Profile): Provides a standardized way to evaluate and compare AI/GenAI capabilities, aiding in decision-making.

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

AVP of Information Security2 months ago

My thoughts are that organizations are accountable to know where their customer data is being transmitted, processed, or stored at all times. This should include AI and LLM. In certain environments, clients may require approval before submitting data to such platforms.

As to whether there is a better way, there are frameworks already out there for AI but it seems like most of them are still in draft and not finalized. One example is the NIST AI Risk Management framework referenced below.AI Risk Management Framework | NIST. There are some great resources, but it seems like it's very early.

Content you might like

For a medium to large enterprise, we are reviewing options for phishing simulation tools to enhance our security awareness program. Could you share any recommendations or experiences with specific tools that have worked well in your organisations?

Security Security Strategy & Roadmap Awareness & Training

Information Security Analyst in Manufacturing6 days ago

I have experience with a couple of different phishing simulation solutions, from the earlier Wombat phishing simulation platform (now Proofpoint ThreatSim) to KnowBe4. Wombat was always a good solution, but I haven't used ...read more

1 Reply

314 views2 Comments

Who will WIN Generative AI Future (GPT/ChatGPT)?

Data & Analytics Disruptive & Emerging Technologies End-User Services & Collaboration+1 more

Open AI (Game Changer: adoption w/ChatGPT)41%

Google (Game Changer: inventor of Transformers, Bard)19%

Microsoft (Game Changer: real time BingGPT+Search plus enterprise enablement)19%

Meta (Game Changer: LLM that can run on single GPU)6%

Amazon (Game Changer: TBD)4%

X.AI / Elon Musk (Game Changer: TBD)3%

Baidu (Chinese tech giant, with GPT version released in March)2%

Someone completely new6%

View Results

46.7k views49 Upvotes15 Comments

When it comes to managing USB storage devices on your network, what solutions do some of you have in place? We need to manage this better for CMMC (compliance).

Process Management

IT Manager in Telecommunication6 days ago

You can use device control of some endpoint protection solutions, like Kaspersky, but I use Sophos Intercept X because you don´t only can block USB ports, it also has a strong integrated DLP solution in the same product to ...read more

How do you make an architectural proposal? We are working on the creation and storage of documents: reports, user friendly print outs etc. We currently have many ways to create documents and we store them in various places but want to simplify this by first looking at what we actually need as documents etc... but I want to create a paper that talks about where we are today and that we recommend going forward an agreed set of patterns and technologies - decommissioning plans etc. Does anyone do this and have a template or headings they follow? We are calling it our document strategy but when i look at strategy papers they talk manly about IT strategies, or EA strategies (the bigger picture) so perhaps we are starting with the wrong language.

Process Management

IT Enterprise Architect in Telecommunication4 days ago

Just side idea: as an intro to management and wide audience I was always using high level ppt slides to show
* current architecture landscape and
* target scenario
Often there were some migration steps in between. ...read more

298 views1 Comment

What qualities or traits do you believe are most important in a leader? (Select up to three)

People & Leadership

Visionary30%

Communication skills59%

Empathy52%

Accountability38%

Decision-making skills39%

Adaptability20%

Integrity30%

Team-building17%

View Results

35.1k views8 Upvotes1 Comment