Security News > 2023 > June > AI: Interpreting regulation and implementing good practice
In addition to being consistent the principles of regulation should be flexible, both to cater for the speed of technological development and to enable businesses to apply appropriate requirements to their capabilities and risk profile.
Regardless of what regulation is coming, it is worthwhile for every business to understand how the risk is being evaluated, the current exposure level, and how standards and regulation will affect the company.
Not just the risk of accuracy but responsible AI risk.
We should consider where AI risk sits in the context of cybersecurity risk and the broader enterprise risk management framework.
The question of where the responsibility for AI risk should sit within an organization should be: the security team or the board?
It would seem sensible that AI risk should be embedded into innovation and planning - we can address threat modelling now and even strive for a future that includes "ML-Sec-Ops" - as the lifecycle requirements of these systems will also need to be monitored and managed.