AI Security (ASE)
The international standard ISO/IEC 27005:2011 defines information security risk management. In the context of artificial intelligence, and in particular for AI systems based on ML approaches, a number of new issues described in ISO/IEC TR 24028:2020, such as data poisoning, adversarial attacks, and model stealing, should be considered in addition to traditional information and system security concerns.
Controls related to this risk category are listed below:
- ASE 01 - Evaluation of Security
- ASE 02 - Adversarial Attacks Prevention