ISACA: Digital Trust Ecosystem Framework (DTEF) Beta application to assure AI environments

Case study from ISACA.

Background & Description

ISACA’s Digital Trust Ecosystem Framework (DTEF) offers enterprises a holistic framework that applies systems thinking – the notion that a change in one area can have an impact on another area – across an entire organisation. As such, the framework comprises six domains: Culture, Emergence, Human Factors, Direct and Monitor, Architecture, and Enabling and Support.

The Framework is suitable for mid to senior level executives and practitioners who are either developing a strategy for AI or implementing AI tools, and who are seeking guidance on techniques to establish trust and trustworthiness in AI.

The Framework is not prescriptive or narrow, and includes detailed practices, activities, outcomes, controls, KPIs and KRIs that a practitioner can use to implement and assess against. In addition, it is aligned to many existing frameworks on the market, so an enterprise that has already adopted a framework such as ISO 27001 or NIST CSF will already have completed many of the tasks listed in the DTEF.

Relevant Cross-Sectoral Regulatory Principles

Safety, Security & Robustness

This Framework encourages adopters of AI to consider risk and mitigations throughout implementation. For example, it suggests that organisations should consider what they want to achieve, where misuse could occur, and how the model should be trained in order to perform safely and securely. It also addresses the elements of human interaction and verification of results to build assurance.

The following interdependent domains should be considered collectively: Culture, Emergence, Human Factors, Direct and Monitor, Architecture, and Enabling and Support.

Appropriate Transparency & Explainability

The DTEF directs organisations to ensure the introduction of AI is understandable through communication with users so that they are aware of the function it is performing. The role of AI actors within processes and the service portfolio should be clearly acknowledged to avoid misunderstanding.

This is similar in nature to the GDPR requirements for personal data, where an organisation must be transparent about how it uses such data and explain this clearly to the data subject. An AI-related implementation following the DTEF should adopt a similar approach with all stakeholders. Selecting, establishing, and maintaining digital relationships requires confidence and transparency from all parties involved.

Most relevant domains: Culture, Human Factors, Direct and Monitor, Enabling and Support.

Accountability & Governance

Governance is a key theme running throughout the Framework, particularly as there is often a perception that AI, by its very nature, can easily “get out of control”. The Framework inspires organisations to account for and review all of the stakeholders involved in an AI lifecycle and ensure appropriate controls are put in place, along with the associated monitoring and wider GRC functions.

Most relevant domains: Emergence, Human Factors, Direct and Monitor.

Why we took this approach

The Framework is designed and can be used to build assurance for a range of emerging technology systems and is particularly pertinent to AI, which is likely to be applied beyond an organisation’s technology or security departments and will therefore have implications that can cut across departments and business units.

Much in the mode of the principles-based approach to AI safety set out in the UK’s AI White Paper, ISACA’s Framework reflects the fluidity of AI systems and encourages organisations to examine proposals across a broad range of different perspectives. The Framework’s breadth means organisations can assess safety questions that are technical, practical, and ethical, as well as manage and review the business and financial case for their AI use. The DTEF encourages organisations to revisit the metrics and outputs produced in the process of its application, and to continually review their assurance using compatible maturity assessment frameworks.

Benefits to the organisation using the technique

DTEF enables organisations to take a strategic view on a potential AI deployment. It encourages consideration of the target culture for use and deployment of AI (and thus has the potential to illuminate cultural inhibitors). Furthermore, it helps to address the intended boundaries of AI actors, control the input variables and define the controls which will support the user experience and ultimately support the organisation to determine the resource requirements to run, control and manage the AI system.

Using the Framework enables organisations to think holistically about the business and financial case for AI use. Organisations can then decide whether it is appropriate to embed AI within their service value chain. This overtly strategic approach is more likely to surface risk that might not otherwise be identified by solely tactical or technical teams and increases the likelihood of realising the expected benefits of the implementation.

Limitations of the approach

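While the DTEF provides a fundamental starting point, to get the most value from this approach organisations will need to tailor their specific activities, outcomes and controls to their particular business and industry. This approach encourages organisations to have appropriate skillsets, not only technical, but also risk, security, business change management and project management skills.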

ISACA Digital Trust Ecosystem Framework

Understanding the Full Digital Trust Ecosystem

Using ISACA’s DTEF to optimise data and maintain privacy

ISACA’s Digital Trust Mission

Further AI assurance information

Published 12 December 2023