Alexis B.’s Post

In the next 5 minutes, you will learn how to use a free model coded in #R to quantify IT and #AIrisks. These particular risks are broken down into components to cover from immediate data recovery costs to potential fines, legal costs, contractual compensations, and societal impacts like discrimination and fraud. With new regulations and SEC disclosures, increased threat attacks, and cyber insurance requirements, this area is 🔥 fuego in #RiskManagement. With hella money flowing in, there's no shortage of new 🐂💩 artists, self-proclaimed "AI experts" or "risk gurus", who can't explain basic terms like correlation or data poisoning. 😬 If you're tired of "wet finger in the air" assessments for paper compliance, here's what you can do: 1️⃣ Get familiar with the model's lingo and approach by reading the presentation 2️⃣ Open a free R compiler like https://rdrr.io/snippets/. 3️⃣ Grab my code from GitHub and tweak it to fit your data: https://lnkd.in/dX9HeMD3. 4️⃣ Show some love 💛 by liking, commenting, and sharing this post, and throw in a skill endorsement if you dig what I'm doing! 🚀 You don't need a #GRC software to assess #cyber and AI risks. No software can replace the lack of talent in facilitating data-driven discussions on threat vectors, and compliance obligations. Start by mastering the basics of probabilities, coding, and key controls like #ISO27001, #ISO42001, and #NIST 800 53 and 100. If you're keen on exploring the nexus of cyber, AI, and compliance risks, follow these pros: Katharina Koerner, Toju Duke, Valentine Goddard, Theodore Bruckbauer, Somil Gupta, Martin Moeller, Bhagyashree Pancholy, Irudhaya Rajesh Johnsam , Ketaki Sodhi, PhD, Kim Lucy, Piotr Kluczwajd ツ , Paolo Giudici, Steven O'Sullivan MBA, SCCISP, CISSP, Andrea Bonime-Blanc, JD/PhD, Samrah Kazmi, Laurent De Grauwe, Ed Sewell and Walter Haydock. They're the real deal in #artificialintelligence #airisks #modelrisk #digitalbusiness #digitalcommerce #decisionintelligence #genai and #decisionanalysis

Just a quick PSA: LLMs don’t have memory, they don’t learn from your data, this is a VERY common misunderstanding. The information security danger goes like this: User-> input database-> LLM -> output database -> User Basically all of the commercial chat bot products have these input/output databases(ChatGPT, Bard, Claude, etc), the LLM itself is has no memory. They do it for a few good reasons: 1. Quality control (output vs. input) 2. Ethical guards (avoid offensive outputs) 3. Future training (yeah, that’s how they tune and train future model) Most quality paid tools (like Rogue) protect and keep all the data private to you. If you’re paying for a tool, all the question.

I've been thinking about digital forensic tools recently. When I started off in the late 90's there were very few "forensic" tools around. "Expert Witness" was my first exposure to a dedicated tool, but back then I knew of nothing else. I had heard of TCT (The Coronor's Toolkit) but at that time, Unix may as well have been formal Klingon to me! My very first "forensic" examination of a computer was to recover evidence of international money laundering from a laptop. I was given the assignment because 1. I worked in the Forensic Services Division for a Federal Agency (as a Chemist!), and 2. I had demonstrated more than a casual interest in understanding computers. So here I was, facing a laptop with possible evidence on it, no tools or experience to rely on, and a ticking clock. Conventional forensics is built on Locard's exchange principle which in essence says every contact will leave a trace. The challenge for me now was to get at the data on this hard drive without writing to it (did I also mention, this was before the days of write blockers too?) I did a lot of reading, and discovered that the commands used in booting up a device from a floppy disk (yup, 3.5 inch floppy disks, no USB devices back then either!) included multiple reverences to a labelled partition. I learned that commands needed to access a storage device, read from a particular area from that device, interpret the information read, and then interact with the interpreted region. I could not control the device access, or reading, but if I could control the interaction, I could hopefully prevent any data alteration. In short, I learned about the environment I was working in. Those lessons helped me form a plan of action, and that plan of action formed the basis of test trials. Those test trials confirmed my hypothesis, I was able to then use my developed process to successfully complete the data recovery and bring the investigation to a conclusion. In doing so, I learned a lot along the way. If you're starting out in digital forensics, don't get hung up on having this tool or that dongle, they are all nothing more than means to meet an objective. Take the time instead to understand the environment you're investigating, be it a dead box examination or a large scale network. Learn how it is supposed to work. Learn the steps that take place when something starts up, when something is plugged, in, when something is mounted or unmounted, learn, learn, LEARN! Anyone can swing a hammer. It takes knowledge and understanding to know which hammer to use for a given situation, where to swing it and how! If you are interested in learning more about a flying by the seat of your pants digital investigation and the importance of understanding, find a copy of Cliff Stohl's "The Cuckoo's Egg". It opened my eyes to what could be done if you take the time to learn, and it started a fire in me to learn what could be done from a Unix command line. Maybe it will start a fire in you too!

Obtaining IPDR/CDR Evidence from VoIP in “BHARAT” Legal Framework - The Telegraph Act, 1885   - Sections 3, 4, 7 govern telecom licensees  - Sections 125, 126 deal with call data disclosure - The Information Technology Act, 2000  - Section 69 allows lawful interception of data  - Sections 85-87 cover cyber forensic processes Procedure for Law Enforcement Agencies 1. Identification   - Determine service providers and target accounts 2. Formal Request   - File under CrPC S. 91 or IT Act S. 69    - Mention designated authority as Secretary, DIT 3. Request Details  - Target details, suspected offence    - Specify data required: IPDR, CDR, content  - Provide date range: 30 days min as per rules 4. Service Provider Response  - Provide requested data securely to agency   - Data should be in electronic form for processing 5. Judicial Oversight  - Designated authority will oversee compliance  - Orders are to be reviewed by Review Committee  - Data to be produced in court if required Processing & Analysis of Data 1. Data Extraction  - Extract IPDR/CDR files from encrypted archives  - Parse into usable formats: CSV, JSON etc.  2. Link & Pattern Analysis  - Identify associated numbers, IPs, locations  - Analyze communication patterns over time 3. Visualization  - Construct network graphs, call timelines  - Map locations, correlate with other evidence 4. Documentation  - Write forensic reports detailing findings   - Maintain audit trail of entire process Posts related to IPDR and CDR : IPDR: Part-1 https://lnkd.in/gMdr3eSD Part-2 https://lnkd.in/gCDrca5H CDR: https://lnkd.in/gecyHPJF #cybersecurity #soc #socanalyst #digitalforensics #foreniscscience #foreniscs #ipdr #cdr #law #forensicinvestigation

We're diving deep into the critical topic of security in AI, particularly within legal operations. As AI technologies become increasingly integral to our workflows, understanding how to safeguard sensitive data and comply with regulations is paramount.

Thriving in a privacy-aware world is a challenge for most organizations. Thankfully, PII redaction models and APIs can help them navigate the challenge. #PIIPrivacySustainability #DataProtectionLongTermCompliance #DataPrivacySustainabilityStrategies #DataAnonymizationSustainability #PrivacySustainedCompliance #CybersecurityContinuousMonitoring #DataProtectionContinuousImprovement #DataPrivacySustainabilityFrameworks https://bit.ly/3sKGMWF

50 useful Forensic Tools.

Are you inundated with the Tsunami of interest around GAI at your company? Wondering how you can mitigate the plethora of ever-growing risks that come with allowing its usage? There are no silver bullets but here's five steps to get started: 1. Create a comprehensive GAI policy, complete with coverage for all GAI types, listing highly relevant examples of DOs & Don'ts. Then train every employee on it with specialized training for your developers 2. Deploy what technical controls that currently exist; e.g., DLP and CASB, and BOLO for new ones 3. Extend your 3rd party vendor management program and controls around GAI and its related supply chain 4. Perform continuous threat modeling as the GAI usage/reliance evolves in your environment 5. Acquire a locally hosted model #gai #artificialintelligence

The extraction of data is a pretty curious task in itself. As the process is systematic and very careful, and the sources for the data range from actual digital devices to networks and online platforms, the choice of forensic tools is often critical to the success of evidence acquisition. These tools include software applications specifically designed to collect, preserve, and analyze digital data without altering the original content. Besides, such software if to be reputable, well-established (recognized within the digital forensics community), and to be kept regularly updated to keep up with technological advancements and emerging digital threats. In some cases though, acquiring live data from running systems may be necessary to capture volatile evidence that would be lost upon shutdown. #psychology #cyberpsychology #digitalforensics #forensiccyberpsychology

We are pleased to see that analyst again conclude that SAS is the leader in Enterprise Fraud Management platforms. "SAS’s productized, out-of-the-box supervised and unsupervised machine learning models for banking transaction monitoring are ahead of the competition and require less effort to train than those of competitors. Analyst investigation screens are intuitive and customizable. Reporting is versatile, visually pleasing, and easy to configure." #SAS #Fraud #Banking #AI