Reconciling AI and Cybersecurity Governance: Legal and Operational Controls

Companies are deploying artificial intelligence systems across business-critical functions. These systems are powered by novel technology, but they are subject to pre-existing cybersecurity and data protection laws and regulations. Yet many companies have begun establishing AI governance programs that are disconnected from enterprise cybersecurity risk management. When governance is siloed, the results include duplicated efforts, conflicting controls and gaps that regulators and adversaries can exploit. 

This session will describe how incidents involving AI systems create regulatory obligations, contractual risks and operational impacts. It will discuss best practices for reconciling the distinct governance requirements for AI with the continuing need for enterprise-wide cybersecurity governance. Speakers will provide a practical framework for integrating AI systems into cybersecurity programs, including through risk assessments, security controls, vendor risk management and incident response. Attendees will learn how to align AI governance with cybersecurity governance and implement defensible, risk-based controls consistent with regulatory expectations.

What you will learn:

• How existing cybersecurity and data protection laws apply to AI systems and how regulators evaluate cybersecurity governance over those systems. 
• How to integrate AI systems into enterprise cybersecurity programs through inventories, risk assessments, access controls and processes to incorporate AI systems into monitoring and incident response processes. 
• What governance, legal and technical controls companies and institutions should implement to manage cybersecurity risks affecting AI systems.