Building a Cybersecurity Program to Safeguard AI Systems & Applications

All attendees will receive a signed Certificate of Attendance recognizing six hours of completed coursework. This certificate may be submitted for self-reported CPE credit with applicable certifying bodies. Breakfast and lunch will be provided. This training is ideal for IT and security leaders, finance and business executives, C-level decision-makers, and practitioners seeking to understand the evolving impact of AI on cybersecurity and governance.

Artificial Intelligence (AI) enables computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Applications and devices equipped with AI can see and identify objects, understand, and respond to human language, learn from new information and experience. This class focuses on how the development of AI capabilities, technologies, and tools impact cybersecurity.

Lesson 1: What is AI, Generative AI, Large Language Models (LLMs), AI Agents?

Introduction to Artificial Intelligence (AI) including how AI works, AI architecture components and processes (models, algorithms, workflows). Includes a discussion of Generative AI, LLMs, Foundation Models, Frontier Models, and AI Agents.

Lesson 2: AI Cloud Adoption Frameworks (CAFs)

Developing an AI strategy and AI plan for governing, designing, building, implementing, securing, managing AI workloads (IaaS, PaaS, SaaS) in the cloud. Includes a discussion of Microsoft Azure, AWS, Google Cloud and Oracle AI Cloud Adoption Frameworks (CAFs).

Lesson 3: What are AI Threats and Vulnerabilities?

Overview of AI Threats (i.e., Adversarial AI) the MITRE ATLAS Framework, the OWASP Top 10 for Large Language Model (LLM) applications, and OWASP Agentic AI threats and mitigations.

Lesson 4: What are AI Security Controls Frameworks?

Overview of NIST SP 800-218A Secure Software Development Practices for Generative AI and Dual-use Foundation Models, the Google Secure AI Framework (SAIF), the OWASP Generative AI Security Solutions, and Cloud Security Alliance (CSA): AI Model Risk Management Framework.

Lesson 5: Building an AI System Security Plan (SSP)

Overview of NIST SP 800-18 Rev 2 Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems, Microsoft AI Security Risk Assessment, the OpenAI Security Program for ChatGPT and API services, and Artificial Intelligence TEVV (Testing, Evaluation, Validation, and Verification).

Lesson 6: AI Governance, Risk, Compliance, Audit

Overview of AI Governance and Policies, AI Risk Management, AI Compliance Regulations, and conducting an AI Audit. Includes Overview of AI Governance, Commonwealth of Massachusetts AI Policy, University of Massachusetts Lowell Generative AI Security and Privacy Policy, NIST AI 100-1: AI Risk Management Framework (RMF), Compliance Frameworks (European Union AI Act, State of Colorado AI Act), and European Data Protection Board (EDPB) AI Audit Checklist.

Upon completion of the training, attendees will have a high-level understanding of AI, its impact on cybersecurity, and actions organizations should take to benefit from AI security planning. This includes incorporating AI into their security strategy, plan, design, development, deployment, operations, maintenance, governance, risk, compliance and audit programs.

Speaker:

Larry Wilson, CISSP, CISA, is a current cybersecurity consultant and instructor, and the former CISO of University of Massachusetts (UMass), Worcester Polytechnic Institute (WPI) and Sumitomo Pharma Americas (SMPA). He is an Adjunct Professor at the University of Massachusetts (Lowell) in their MS Cybersecurity Studies program where he teaches classes on Designing a Cybersecurity Program based on the NIST Cybersecurity Framework, and Designing a Ransomware Program based on the CISA #Stop Ransomware Guide. He also teaches classes on Cybersecurity Program Development and Ransomware Defenses tat SecureWorld conferences.

Larry has conducted multiple consulting engagements (20+) across various industry sectors, including Government, Education, Health Care and Financial Services. He has also presented and instructed at industry forums including InfraGard, ISACA New England (including teaching the CISA Certification Class), Educause, Federal Reserve Bank, Advanced Cyber Security Center (ACSC) and many others.