This podcast explores MITRE's SAFE-AI framework, a comprehensive guide for securing AI-enabled systems, developed by authors such as J. Kressel and R. Perrella. It builds upon established NIST standards and the MITRE Adversarial Threat Landscape for Artificial Intelligence Systems (ATLAS)™ framework, emphasizing the thorough evaluation of risks introduced by AI technologies. The need for SAFE-AI arises from AI's inherent dependency on data and learning processes, contributing to an expanded attack surface through issues like adversarial inputs, poisoning, exploiting automated decision-making, and supply chain vulnerabilities. By systematically identifying and addressing AI-specific threats and concerns across Environment, AI Platform, AI Model, and AI Data elements, SAFE-AI strengthens security control selection and assessment processes to ensure trustworthy AI-enabled systems.

www.compliancehub.wiki/navigating-the-ai-security-landscape-a-deep-dive-into-mitres-safe-ai-framework-for-compliance

Sponsors: https://airiskassess.com

https://cloudassess.vibehack.dev

In today's interconnected world, organizational supply chains stretch far beyond direct vendors, creating complex multi-tiered ecosystems where risks lurk deep within the 'invisible links' of fourth-party providers and beyond. Organizations often "fly blind" regarding these deeper dependencies, yet remain fully responsible for the potential data breaches, operational failures, and reputational damage that can cascade from a compromised supplier's supplier. This podcast explores how comprehensive Cybersecurity Supply Chain Risk Management (C-SCRM) strategies, including robust contractual flow-down requirements and continuous monitoring, can illuminate these hidden risks and build true supply chain resilience.

www.securitycareers.help/beyond-the-known-navigating-cybersecurity-risks-in-your-multi-tiered-supply-chain

Sponsor: https://www.compliancehub.wiki

In today's increasingly complex regulatory landscape, organizations frequently grapple with manual processes, audit fatigue, and duplicated efforts across multiple frameworks, leading to significant costs and inefficiencies. This episode delves into how GRC platforms and automation are fundamentally transforming compliance management by centralizing data, streamlining workflows like evidence collection, and enabling continuous monitoring. Discover how a "Test once, comply many" strategy, supported by technology that harmonizes controls across diverse regulations, can drastically reduce operational burdens and provide real-time insights into your entire compliance program.

www.compliancehub.wiki/navigating-the-regulatory-labyrinth-how-grc-platforms-are-revolutionizing-compliance-management

Sponsors:

https://globalcompliancemap.com

This podcast uncovers China's state-driven campaign to dominate global artificial intelligence, revealing a sweeping national buildout of AI data centers and a strategic fusion of commercial capacity with geopolitical intent. We explore how the People's Republic of China's (PRC) rapid infrastructure expansion, including over 250 AI data centers and projected 750 EFLOPS of compute, directly supports its military modernization and integrates with the People's Liberation Army (PLA). Furthermore, we delve into the profound implications of these developments, including the dual-use nature of PRC AI applications and how leading AI models, even those hosted in the U.S., exhibit bias towards Chinese Communist Party (CCP) narratives and propaganda.

www.compliancehub.wiki/the-dragons-ai-engine-unpacking-chinas-global-ambitions-and-the-rise-of-propaganda-laden-ai

This podcast is your essential guide to building a robust cybersecurity risk management strategy for network and information systems across Europe, as mandated by the NIS2 Directive. We delve into ENISA's Technical Implementation Guidance, breaking down its core components, such as risk management frameworks, incident handling, and supply chain security, to provide actionable advice for relevant entities. Discover how ENISA continuously reviews and updates its guidance, integrating feedback, industry good practices, and the latest standards to remain relevant against evolving cyber threats.

www.compliancehub.wiki/navigating-nis2-compliance-a-deep-dive-into-enisas-technical-implementation-guidance-for-robust-cybersecurity-risk-management

The evolving landscape of cybersecurity now places Chief Information Security Officers (CISOs) at significant personal legal risk, evidenced by landmark cases such as Uber's Joe Sullivan conviction for covering up a data breach and the SEC's charges against SolarWinds' CISO Tim Brown for misrepresenting security practices. This heightened accountability is driving major shifts in corporate governance, with nearly all organizations implementing policy changes, increasing CISO participation in board-level strategic decisions, and demanding greater scrutiny of security disclosure documentation. Crucially, while CISOs face growing exposure, a notable percentage are not covered by their company’s D&O policy, making Directors & Officers (D&O) insurance a critical yet often overlooked component of personal and organizational risk mitigation, necessitating a unified approach to cyber and D&O coverage.

www.securitycareers.help/ciso-under-fire-navigating-personal-liability-in-the-cyber-age