Assessing AI Risks: A Step-by-Step Workshop with NIST Frameworks by Jordanne Barrett

Jordanne Barrett
Business Information Security Officer

Automatic Summary

Assessing AI Risk: A Step-by-Step Guide Using the NIST AI RMF Framework

In today's fast-paced world, the adoption of artificial intelligence (AI) in organizations is accelerating. While AI offers numerous benefits, it also presents significant risks that must be assessed properly. This workshop will explore how to use the NIST AI Risk Management Framework (RMF) to conduct a comprehensive risk assessment of AI tools. Whether you’re in a regulated environment or not, understanding and managing AI risks is essential for every organization.

Understanding the Need for AI Risk Assessment

As a business information security officer, I frequently receive requests from various departments to utilize AI for projects. This widespread eagerness to leverage AI emphasizes a critical necessity: **assessing the risks associated with AI implementations**. Various challenges arise from AI usage, including:

  • Lack of Transparency: Organizations often do not fully understand how AI determines outcomes, leading to potential biases.
  • Bias and Discrimination: AI systems can inadvertently perpetuate societal biases, affecting fairness in decision-making.
  • Privacy Concerns: The use of AI may violate privacy regulations, risking legal ramifications.

Real-Life Examples of AI Risks

Several incidents highlight the necessity for effective AI risk management:

  1. Air Canada: An AI virtual assistant provided incorrect bereavement policy information, resulting in legal consequences for the company.
  2. iTutor: An AI recruitment tool discriminated against older applicants, leading to fines for the company.
  3. ChatGPT: A lawyer faced disciplinary action after relying on AI-generated case references that did not exist.
  4. Chevrolet: A chatbot error allowed a user to purchase a car for a nominal fee, showcasing inadequate oversight of AI systems.

What is the NIST AI RMF Framework?

The NIST AI RMF is a voluntary framework designed to help organizations manage AI risks effectively. It offers guidelines that are:

  • Trustworthy: Promotes transparency and accountability in AI applications.
  • Risk-Focused: Helps organizations identify and mitigate potential risks.
  • Adaptable: Applicable to various industries, ensuring a broad scope of usability.

The Elements of a Risk Assessment

To conduct a thorough risk assessment, follow these essential steps:

  1. Identify Critical Assets: Recognize which AI tools and projects need assessment.
  2. Detect Threats and Vulnerabilities: Understand potential internal and external risks.
  3. Assess Risk Impact and Likelihood: Evaluate how likely it is for the identified risks to occur and their potential impact on the organization.
  4. Develop Mitigation Strategies: Formulate plans to address and reduce identified risks.
  5. Monitor and Review: Regularly assess progress towards risk mitigation.

Applying the NIST AI RMF: A Case Study

For practical illustration, we will assess an AI-driven platform, Talent Match, which automates candidate screening for a large retail chain.

1. Govern

Through our assessment, we identified a governance gap where no single entity was accountable for the AI tool’s oversight, increasing the risk of bias and non-compliance. Our mitigation strategy is to establish a governance committee to oversee the tool's implementation.

2. Map

Next, we examined the context of Talent Match. Potential misuse of AI and lack of clarity around its scoring criteria raised concerns. Our mitigation strategy includes defining clear usage policies and ensuring compliance with fairness standards.

3. Measure

In evaluating effectiveness, we found inconsistencies in how the AI identified candidates based on historical data, suggesting model inaccuracies. We recommend conducting benchmark testing to ensure fit scores align accurately with job qualifications.
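
An added example, not part of the talk or of any Talent Match code: one way to run the benchmark test recommended under Measure, comparing fit scores against independent reviewer labels per role group. The benchmark records, the shortlist threshold of 70 and the 0.80 acceptance floors are constructed assumptions.

```python
"""Benchmark check for a resume-screening fit score, broken down by role group."""
from collections import defaultdict

# Constructed benchmark set (not real data). Each record is
# (role_group, fit_score 0-100, qualified), where `qualified` is the label a
# human reviewer assigned to the resume independently of the tool.
BENCHMARK = [
    ("frontline", 62, True), ("frontline", 55, True), ("frontline", 74, True),
    ("frontline", 81, True), ("frontline", 48, False), ("frontline", 72, False),
    ("frontline", 35, False), ("frontline", 66, True),
    ("corporate", 88, True), ("corporate", 91, True), ("corporate", 76, True),
    ("corporate", 71, True), ("corporate", 40, False), ("corporate", 52, False),
    ("corporate", 65, False), ("corporate", 83, True),
]

SHORTLIST_THRESHOLD = 70  # assumed score at or above which a candidate is shortlisted
MIN_PRECISION = 0.80      # assumed acceptance floors agreed by the governance committee
MIN_RECALL = 0.80


def evaluate(records, threshold=SHORTLIST_THRESHOLD):
    """Return per-role precision and recall of the shortlist against reviewer labels."""
    counts = defaultdict(lambda: {"tp": 0, "fp": 0, "fn": 0, "tn": 0})
    for role, score, qualified in records:
        shortlisted = score >= threshold
        if shortlisted and qualified:
            counts[role]["tp"] += 1      # correctly shortlisted
        elif shortlisted and not qualified:
            counts[role]["fp"] += 1      # underqualified candidate passed through
        elif qualified:
            counts[role]["fn"] += 1      # good candidate screened out
        else:
            counts[role]["tn"] += 1      # correctly screened out

    metrics = {}
    for role, c in counts.items():
        picked = c["tp"] + c["fp"]
        truly_qualified = c["tp"] + c["fn"]
        metrics[role] = {
            "n": sum(c.values()),
            # None means the benchmark cannot measure this value for the role.
            "precision": c["tp"] / picked if picked else None,
            "recall": c["tp"] / truly_qualified if truly_qualified else None,
        }
    return metrics


def findings(metrics, min_precision=MIN_PRECISION, min_recall=MIN_RECALL):
    """Return {role: [reasons]} for every role group that misses an acceptance floor."""
    result = {}
    for role in sorted(metrics):
        reasons = []
        for name, floor in (("precision", min_precision), ("recall", min_recall)):
            value = metrics[role][name]
            if value is None:
                reasons.append(f"{name} not measurable on this benchmark")
            elif value < floor:
                reasons.append(f"{name} {value:.2f} below floor {floor:.2f}")
        if reasons:
            result[role] = reasons
    return result


if __name__ == "__main__":
    per_role = evaluate(BENCHMARK)
    for role, m in sorted(per_role.items()):
        print(role, m)
    # Each finding is a candidate entry for the risk register (model inaccuracy).
    for role, reasons in findings(per_role).items():
        print("FINDING", role, "; ".join(reasons))
```

Low recall for a role group corresponds to qualified candidates being screened out, and low precision to underqualified candidates being shortlisted, the two impacts named for this risk.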

4. Manage

Finally, understanding how to mitigate risks is crucial. We identified the need for a formal incident response plan to address issues promptly, including a risk register to document and manage AI risks effectively.

Conclusion

Properly assessing AI risks using the NIST AI RMF framework is


Video Transcription

Thank you all for coming to check out my talk. This talk is assessing AI risk. It's going to be a step by step workshop of how to use the NIST AI RMF framework. So I am going to let's see. I'm gonna first talk about some AI challenges. And then after I talk about those challenges, we'll go into a few AI regulations and frameworks. We'll talk about the NIST AI risk management framework. It's just gonna be a really high level overview. And then we'll talk about the elements of a risk assessment, and then we'll go into our case study workshop so I can show you how to utilize the NIST RMF framework. Right? So the purpose of this talk is in my day to day life, I am a business information security officer. And oftentimes, I'm constantly getting requests about using AI within our organization for projects. Just everybody wants to use AI. Right?

And with AI accelerating at the speed that it is, I feel like we need to take a step back and be sure to assess the risk with using that AI. Right? And oftentimes, maybe you're an organization that is not heavily regulated or, you know, they don't have specific frameworks they go by. The NIST AI RMF is really, a really good framework to use. It's voluntary. It gives great guidelines. It's agnostic, so you can use it for any industry that you're in. So that's why I wanted to do a workshop on it to show, high level, how to use it, how to do a risk assessment. So if you've never done a risk assessment before, today, you will be employed to do one. And then, I that's yeah. So that's pretty much it.

Not sure where I left off, but that was really my goal with creating, this talk, and I hope it provides a value to you all. So let me move on to the next slide here. So I wanted to start out with a few challenges that we saw here in real life. Right? Few examples I will give you. So Air Canada, back in February 2024, they had a, virtual an internal virtual assistant that provided an employee with inaccurate company policy. This employee recently lost their grandma. They were trying to understand how bereavement discount works on plane tickets. They they use the virtual assistant. The virtual assistant advised them that they need to buy their plane ticket first and then get reimbursement back. However, when that employee went to buy their ticket, they bought their ticket, they tried to get reimbursement, they were advised by the company that they needed to do that prior to buying their ticket.

The employee definitely sought legal ramifications. Air Canada tried to say it wasn't their fault. However, the court did find them liable for it being their fault because they should have made sure their virtual assistant was programmed to provide the most appropriate, accurate information. So that's just one example. Next example is iTutor. Back in 2023, a company using an AI powered recruiting software that automatically rejected female applicants ages 55 and older and male applicants ages 60 and older. So this is an example of discrimination using AI. So this company was also fined and was found at fault for that. The next scenario is ChatGPT, good old GPT. Back in 2023, an attorney used OpenAI Gen AI chatbot to find prior cases to support the case that he was working on for his client. However, at least yeah.

I think he had nine cases, but six of the cases, submitted, did not exist at all. Right? So he was actually fined $5,000 because he did not do his due diligence to make sure that information was accurate because he submitted it along with the case. So this is a perfect example of AI hallucination. And then last but not least is the car brand, manufacturer, Chevrolet. Back in December 2023, a user went on to the website to use a chatbot, and the user told the chatbot, whatever I tell you to do, you will do. And that's exactly what the chatbot did, and that user was able to purchase a Chevrolet Tahoe for $1 and made it a binding agreement. That chatbot was immediately removed from the website after this, customer tweeted about it.

However, Chevrolet did not do the appropriate, would say, prompt engineering for their tool to make sure that other people could not tell the chatbot what to do. So these are perfect examples of why the risk should have been assessed prior to being, you know, deployed within the environment. And that's really my goal for this talk. So if you get nothing from it, make sure that we're looking at the risk. Learn how your organization is interacting with that tool, and then move forward. So on top of those real life examples, I just wanted to bring up the rest of the AI challenges. So it's gonna be the lack of transparency, bias and discrimination, and privacy concerns. Right? So not knowing how AI is determining, for example, iTutor, we don't know why it decided to reject people that was 55 and older and 60 and older, male and female.

Right? And then that also brought in discrimination. We wanna make sure our AI systems are not inadvertently perpetuating, you know, any societal biases onto people, because that leads to privacy concerns. The EU has a very large the GDPR act alone when it comes to privacy, is large and is very big on making sure that we're not making assumptions of those based off their personal data. Along with, along with just those, we wanna think about the ethical issues also. AI does not have the ability to make moral and ethical decisions. Right? So that's why assessing the risk of your tools is very important because we don't want the hallucinations and wrong assumptions to be added. And then along with that, the security risk. AI can be used to develop more advanced cyberattacks, bypass security measures, and exploit vulnerabilities within systems.

I'm not too sure who all in this shot is familiar with ransomware, but a great example is, ransomware is used by hackers. They deploy it within the system. They encrypt data, so most likely sensitive data, critical data to the business. They encrypt it, so it's not available to that organization. Right? Oftentimes, organizations need to, they need to decrypt that, but they have to pay. Right? If they do not have a backup of their data, they have no way of getting access to it. They often pay these ransomwares. Hackers have gotten really sophisticated, and they now offer ransomware as a service. They've created AI to where you go by, and and if you wanna deploy ransomware to whoever, whenever, it is just like software as a service now.

So that is, an example of, you know, security risk when it comes to AI and how it's evolving so much. And then along with security risks is those legal risks. Right? Creating the liability. So that goes back to ethics. It can't make, ethical decision that leaves you open to liability. If you're using artificial intelligence within your organization, making sure that there's some sort of governance to make sure you know what your employees are putting into that software so that they, they're not putting that intellectual property into that tool. So just wanted to give a rundown. And then briefly, I'm gonna go into a few AI regulations and governance frameworks. These are just, the three major players right now here in The United States.

It is on a state by state level for their AI, laws that they have in place. And then, unlike the EU, we do not have a omnibus or overall AI act. Hopefully, that comes in the future. Hopefully, that comes in the future for privacy also, but I just wanted to give you all a heads up, on what's out there just for reference other than the NIST. Alright. So the first one is the EU AI Act. So EU is the European Union, and this, proposes a legal framework for mitigating risk within AI technology. It also provides, categories for how to classify those AI risks, either unacceptable, high, limited, minimal. Also requires transparency for AI that individuals interact with and aims to create, like, a balance between innovation and and protection of, people.

Like I said, that's just high level, but this is what's officially out there for the EU. So if your organization's global, this is something I would definitely research. The next one is ISO 42001. This is a global standard. This is a global standard, and often, organizations look to meet this standard when they're looking to show compliance and adherence to, you know, the best practices for AI. Right? High level of what the ISO is asking, they ask that you identify and know what products and services and what activities are using AI within your organization, making sure leadership is aware and there's some sort of governance around that also. So having the right policies in the place, roles and responsibilities with that, and making sure that they're evaluating risk. And then there is the NIST AI RMF. NIST stands for National Institute of Standards and Technology, AI risk management framework.

At a high level, it is really focused on trustworthiness, responsible governance, safety and security, explainability, continuous monitoring. So this is the one that we're going to do our deep dive on for this presentation. Like I said, because it is voluntary, it's really just a set of guidelines. I figured it would be really good, especially if you're in a space where you're not regulated, that you can use this. Alright. So we will go into it. So there's two parts to the NIST AI RMF. The first part really is to help organizations identify, address, and reduce AI risk by promoting AI solutions that are transparent, auditable, and explainable.

So this one really focused on the trustworthiness of AI. So and that would really focus on making sure the biases have been removed. They're not violating any policies, and then, security gaps, making sure those are addressed. So this is part one of the framework, and then we're gonna do our deep dive into well, high level deep dive into the part two, which is made up of four core functions. We're going to use these four core functions to do our risk assessment today. I will have a list of the specific subcategories for each of these core functions. However, I won't go into details everything. It's really just gonna be a high level because I wanna make sure that we have enough time to go through the risk assessment so I can explain the process of the risk assessment and how to use it.

So as I said, this is really just a set of guidelines that helps organization manage risk. And, really, if you're looking to add value to your organization, you know, hey. Now you have awareness of how of the framework, how to use it, and then we'll go ahead and go into each of these different ones. So the first core function is govern. Right? And govern is really where it sets the tone for risk management within the organization. So making sure that the organization has design processes. They have procedures in place. You have it documented how you're gonna govern how AI is used within the organization. Assigning roles and responsibilities. So this is really just governing the foundation of how AI is going to be within the organization. So here I have highlighted Govern 4.1.

For our case study today, that's the one that we're going to use specifically, and this one looks at how organization policies and practices are in place to foster critical thinking and safety first mindset. So just keep that in mind. It's a lot to remember, but I just wanted to call out the specific ones that we're going to be doing our risk assessment against. But when you think of the govern function, think about documentation, think about roles and responsibilities, how they're gonna manage risk. Having all of these things in place in order to govern how AI is going to be used within the organization. K? Now as we move on to the map function, the map function establishes context for organizations looking to frame risk and understand how AI systems contribute to broader goals. Right?

So the map function here is where you're going to understand your capacity for what the tool is doing. You're gonna check for the assumptions that it's making. Right? So that's what, that's what iTutor should have did in their case. Right? And then this is also where you're gonna determine if it's going to hallucinate just like that lawyer should have did. Right? So here you're going to identify, like, how to improve the limitations, identify constraints for real world systems. Here you're going to anticipate the negative effects that, AI would have. So for our risk assessment, we're gonna be looking at map 1.1, subcategory, and we're gonna be making sure that the case study is gonna be used for its intended purposes. The AI tool will be used for intended purposes. So that's what we'll be testing today.

As I said, I will definitely share these slides if you ask, if you reach out to me so that you can have these full subcategories in detail. The next function is going to be our measure function. Let me see. Okay. So the next function is the measure function, and the measure function focuses on how we're going to quali how we're gonna qualify risk, quantify risk, and having some sort of way to measure the risk and impacts to the organization. Right? Here is where we're going to decide what the impact looks like to the organization, what the likelihood of, the use of the AI to to the organization, what that looks like. So this is where we're actually doing the specific evaluations in this specific function. So subcategory 2.2, that's the one that we're gonna use.

We're gonna make sure that for our case study, we're evaluating how humans interact with that AI tooling. And then last but not least is the manage function. When you think of the manage function, I want you to think kind of continuous monitoring or how you're gonna move forward with the risk that you've determined. Right? So here is where you're going to be making your mitigation plans. You're gonna be allocating resources to mitigate any risk, things like that. You're gonna be having your risk register. That's what the manage function is for. It's here to hold you accountable for any other risks that you have, creating controls around those risks, any compensating controls around that risk for your AI tool. We're gonna be testing subcategory 3.3 in the manage function for AI risk and the benefits from third party resources that's regularly monitored and risk controls are applied and documented.

All of this will make sense when we move on to our case study. So, like I said, high level overview of the NIST AI RMF. It is a lot of information, but I really wanted to kind of give you all the information overview of it and then walk you through how you would use it. But before we go through that, I don't want to assume that everyone knows how to do a risk assessment. So I want to let you know the elements of a risk assessment. In order to perform a risk assessment, you need to be able to identify the critical, assets within your organization. Right? So you need to be able to identify what tools, what projects, anything within your organization that's gonna be using, artificial intelligence that needs to be evaluated.

Once you identify those assets, you're going to move on to the detect and detect threats and vulnerabilities portion. Right? Here is where you're actually going to conduct a cybersecurity risk analysis to identify internal, external threats. Here's where you're going to say, you know, these are this is a possible scenario that could happen based on using, the specific AI asset. So once you've identified your asset, once you know what the threat or vulnerability is, you'll be able to assess the overall risk impact and likelihood. Here is where you're going to determine if, you know, what's the likelihood of that threat or vulnerability affecting the organization. Right? Is it low? Is it unrealistic? Is it medium, meaning, like, it could possibly happen, but still on really unrealistic, or is it high? Is it a very high realization that this could happen?

So, now after you've assessed the likelihood that it will happen to the organization, you need to develop and implement mitigation strategies. So we talked about that manage function, and that's kinda where that happens. Right? So, here, you need to be able to say, okay. I know what the risk is. I know what the vulnerability is. The likelihood of it happening to the organization is really high. So we need to make sure that we put in x, y, and z things to make sure it doesn't happen to the organization. Right? Whether that's creating documentation, creating somebody that's responsible, or maybe just removing the tool as a whole to mitigate that risk is your, response. And then after you've developed your mitigation statement strategies, you wanna make sure that you monitor and review regularly. Right?

So it's one thing to say you're going to implement this policy, but you need to make sure that you're following up with that. Have a risk register. Risk register is where you're gonna keep all of your risk within the organization and monitor those things. That could be an Excel sheet. That could be a GRC tool, ServiceNow, whatever you use to be able to track that that that risk is, you know, being mitigated is what's suggested. So I just wanted to give you all that overview so you know what to expect from a risk assessment. And now we are going to go into our case study. Alright. So our risk assessment is gonna be based on this case study, Talent Match. Talent Match is sorry. Talent Match is a startup offering an AI driven platform to help companies automate their initial candidate screening.

This system analyzes resumes and application materials assigned as a, quote, unquote, fit score and recommends the top candidates for human reviews. The AI uses historical hiring data and natural language processing. Right? So this focuses that last line here lets us know the transparency and whether it's using to determine who gets to get reviewed by HR. Right? So this platform is being adopted by a large retail chain that hires thousands of employees annually, including frontline, which will be your store workers, and corporate people. Corporate roles such as, you know, HR, IT, folks like that, financial people. Right? So you all are now a part of that large retail chain, and you have been, assigned to assess the risk of using Talent Match. Right?

So now this is the layout of what our risk assessment is gonna look like. K. So we have our govern, map, measure, and manage. So keep in mind, it's governed, not governance. I'm sorry about that. These are the four core functions of that framework, of the NIST AI framework. I pulled out a subcategory for each of these for us to test, and I'll walk us through the logic of, you know, the risk category, the description, likelihood, impact, and mitigation strategies. So just making sure we're good on time still. Okay. So now the first one we're going to run through is govern. Right? We are going to do, our assessment on talent match. As we're going through, our assessment of talent talent match, we noticed a governance gap was identified where no single entity or role was clearly accountable to overview the system.

Right? So nobody in HR is gonna be looking at this. They're just gonna deploy a system like nobody in IT is gonna be responsible for this. They're just gonna put it out there. Right? We don't have any well defined responsibilities, so to make sure that there's no bias, there's no legal noncompliance, or data misuse. Right? Now HR, you know, we have a really solid HR team, so I'll keep that in mind. I will say the risk category for this is gonna be governance gap. Right? Because there's no governance of the actual tool. And the description of this is because there's no assigned roles and responsibilities to the tool. Now, the likelihood within the organization, right, it seems like the risk is a lot is less likely because we have some sort of documentation.

We just need the documentation to be tailored towards this specific app. So we'll just put that at a medium. Right? It's not low because we don't have, well, it's not high because we don't have any documentation. We do. It just needs to be tailored. And then the impact, impact will be pretty high. Right? The impact the thought of the impact is if it did have any bias, the absence of governance leads to unmanaged risk exposure. Right? So that would have a really big impact for the organization if it did, you know, cause bias in selecting those candidates. The way we're gonna mitigate this is by creating some sort of governance committee. Right? We're gonna have someone from legal.

We're gonna have someone from HR, and we're gonna have somebody from IT to be able to clear to do oversight of this, tool. Right? So that way we can always make sure that there's governance that has been established and that they're gonna be keeping track of this. So that is gonna be our first example. Let me go to chat to make sure that you all don't have any questions. Okay. Good. Hopefully, you all are keeping up. So, let's do the next one. Right? We're gonna go to the map function. The map function, that subcategory is around understanding the context and use of talent match. Right? So in our initial risk assessment, we're focusing on defining the intent and purpose of talent match. Right? We know it's automated. Right? We know it's gonna be automated.

We know it's supposed to select employees for us. However, it can you know, I think the gap here is what is the fit score. Right? We know it's based on hiring data, but we wanna make sure that fit score is in alignment with the organization's mission, with their policies, things like that. So it's not hallucinating or discriminating against people. So that risk category is gonna be misuse of AI. Right? And then I'll bring it up on the screen so you all don't have to wait for me to walk through it. But the description is AI is used beyond, its design. Maybe it's making final decisions on who should be picked versus, you know, bringing a broad set of candidates for us, and then the likelihood is gonna be moderate.

So the misuse of data, lack of clarity, and education because someone is still going to be looking at this in the end. It would be high if we didn't have, like, anybody in HR looking at it. Right? It would be high if it was, like, an automatic determine who would be hired for the job. So So we're gonna set this as, medium. It's not low because, it's still a risk. There's still a chance that misuse can happen. And then the impact is high because the consequence of that. Right? We'll have legal ramifications. We may lose a candidate. We may get sued, you know, for discrimination. That's why the impact is high to the organization. So based on the risk category of the description, our mitigation strategy should be to define the use and limitation and and enforce the terms of service. Right?

We need a comprehensive policy, which will be embedded in the client onboarding. So when we onboard, we'll make sure that there's training to our HR people, to legal, to whoever to make sure that we understand the intent of use for that this and that it's not misused and discriminating against candidates. Alrighty. So let's go through the next category. It's going to be evaluating systems measurement. Right? So now that we know, okay, there's a gap in who's governing it, we may have misuse of data, we need to enforce terms, We need to be able to understand, the effectiveness of the system, and that's what the measure core function is for. So we need to make sure it's accurately identifying candidates' job who fit the job. Right? So it was discovered that, you know, in your assessment, remember, you're an employee at this retail. It was discovered that the model, you know, underperformed for certain jobs.

So, the data is just not accurate for all roles. Right? Maybe for retail people, it had lower expectation, but for corporate people, it had higher expectations. Right? So now this is raising concerns about the qualified people that it is, shortlisting. K. So the risk category for this could be model inaccuracy. So it could be inaccurate as to who's qualified for the growing. The description that we're gonna have for this is that the scores don't actually reflect candidate fit. Right? So remember, talent match has, like, the score fit that it's using, but we've discovered in evaluating that system that that those talent fitters is not really accurate. Right? The likelihood that this is happening is, it's medium. Right? It's medium because it's going off of historical hiring data. So it is using actually sample data. However, it is still just misaligned. It's not high because we it is using data we already have provided. K? The impact, however, would be really high. Right?

So the impact to us is if the score fit did not align. Maybe we hired somebody that was underqualified for the job. Right? Maybe we missed out on really good candidates because the score fit just wasn't accurate, and it automatically pushed them out. So our mitigation strategy is to make sure we're doing some sort of benchmark testing and user testing. We're gonna use a set of resumes to make sure that that fit match is accurate so that we're not, getting anyone underqualified or missing out on really good candidates. Alrighty. And then last but not least, we're going to move on to the manage function. So the manage function here is where I say we are going to be able to put the actual actions and how we're gonna mitigate those risks. Right?

So we're doing subcategory 3.1. And here, we're gonna make sure that, based on those risks that we've identified, you know, how we're gonna move forward. K? So for this, now that we've observed the gap in the formalized, like, risk identification, we don't have a way, I guess, we would say. We don't have a way to determine if someone misuses Talent Match. Right? So if someone goes in and tries to modify it, what the structure looks like, how do we know if there's known issues in, like, fairness? Like, critical issues will go overlooked and delayed, and we have no way of responding to that with Talent Match. So it's a medium because we have ways there is a way for people to contact us. Right?

So if they need help filling in an application, things like that, that's why it's set to a medium. So if we had no controls in place, it would be, pretty high. If we had exceptional controls in place, it would be low. But for right now, this is still, in the gray area, so we'll keep it at medium. However, the impact is gonna be high. Right? The delayed response, especially if you are, you know, required to abide by GDPR or the EU act, they have specific time frames for expectations for response, even incident response. You're required to, notify folks within a specific time frame. So now in order to mitigate that, we wanna establish a formal risk registry or some sort of incident response so that we'll have a way to address these risks right away.

So now we've done our risk assessment. Like I said, this is just high level of how you would use the NIST AI framework on how to do a risk assessment. I really hope this helped. And you would take these mitigation strategies, put it in your risk register. So put what the risk is, put what the mitigation strategies, and make sure you're tracking that to completion. So I know we're running up on time. This is the last slide. But if you get nothing out of talk, I want you to understand how you would use this within your organization. Right? So the approach is how do you adapt these functions? First, I would tell you gain an understanding. Right? Understand the inventory of all the AI assets and systems and what their function and scope is and the vulnerabilities are.

Once you know the inventory, you can go ahead and start to understand the risk. Right? Using that map functions help you identify the risk across your AI systems, understand what the risk is, determine the risk, govern those risks. Right? So determining the likelihood, the impact, documenting that down, knowing that you have to, based on the risk assessment that you'll need to put a procedure in place, put a policy in place, that govern function is really essential. And then making sure we're doing continuous monitoring. Right? It's one thing to understand the risk in the organization, but it's another thing not to act on mitigating those risks and keeping up. Right? Making sure that you're reviewing your tools annually to understand if anything has changed with that tool. Maybe we're getting a new set of dataset. Maybe they're storing information differently.

We wanna make sure that we're keeping up with that.