Introduction to AI Security and Risk Management

• An understanding of basic cybersecurity principles
• Experience with IT governance or risk management frameworks
• Familiarity with general AI concepts is helpful but not required

Audience

• IT security teams
• Risk managers
• Compliance professionals

AI Security and Risk Management is the practice of identifying, mitigating, and governing security threats, compliance risks, and operational exposures in AI-driven systems and workflows.

This instructor-led, live training (online or onsite) is aimed at beginner-level IT security, risk, and compliance professionals who wish to understand foundational AI security concepts, threat vectors, and global frameworks such as NIST AI RMF and ISO/IEC 42001.

By the end of this training, participants will be able to:

• Understand the unique security risks introduced by AI systems.
• Identify threat vectors such as adversarial attacks, data poisoning, and model inversion.
• Apply foundational governance models like the NIST AI Risk Management Framework.
• Align AI use with emerging standards, compliance guidelines, and ethical principles.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Foundations of AI and Security

• What makes AI systems unique from a security perspective
• Overview of AI lifecycle: data, training, inference, and deployment
• Basic taxonomy of AI risks: technical, ethical, legal, and organizational

AI-Specific Threat Vectors

• Adversarial examples and model manipulation
• Model inversion and data leakage risks
• Data poisoning during training phases
• Risks in generative AI (e.g., LLM misuse, prompt injection)

Security Risk Management Frameworks

• NIST AI Risk Management Framework (NIST AI RMF)
• ISO/IEC 42001 and other AI-specific standards
• Mapping AI risk to existing enterprise GRC frameworks

AI Governance and Compliance Principles

• AI accountability and auditability
• Transparency, explainability, and fairness as security-relevant properties
• Bias, discrimination, and downstream harms

Enterprise Readiness and AI Security Policies

• Defining roles and responsibilities in AI security programs
• Policy elements: development, procurement, use, and retirement
• Third-party risk and supplier AI tool usage

Regulatory Landscape and Global Trends

• Overview of the EU AI Act and international regulation
• U.S. Executive Order on Safe, Secure, and Trustworthy AI
• Emerging national frameworks and sector-specific guidance

Optional Workshop: Risk Mapping and Self-Assessment

• Mapping real-world AI use cases to NIST AI RMF functions
• Performing a basic AI risk self-assessment
• Identifying internal gaps in AI security readiness

Summary and Next Steps