IT Examiner School eBook May 2025

A.I. Risk Management Considerations

Fairness and Bias

Governance

Data Security

Transparency

Reliability

• Sensitive data and weakly secured AI models can create vulnerabilities, leading to data exposure or manipulation through data poisoning and adversarial attacks, which can compromise system integrity.

• No formal policy with defined roles in AI decision-making and risks oversight. •Weak governance structures may struggle to identify, monitor, and mitigate risks effectively.

• Feeding

• Complex AI algorithms often lack

• Due to

algorithms with incomplete or incorrect data is the primary cause of unintended

changing data patterns, AI systems may become less accurate over time, leading to poor

explainability, making it difficult to understand or justify decisions.

bias in AI outputs.

decision making.

Recent AI-Related Guidance

• November 2023 – National Cyber Security Centre (NCSC) & US Cybersecurity and Infrastructure Security Agency (CISA) "Joint Guidelines for Secure AI System Development" www.cisa.gov/news events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development

• March 2024 – US Treasury "Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector" https://home.treasury.gov/news/press-releases/jy2212

• October 2024 – NYS DFS "Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks" Industry Letter Industry Letter - October 16, 2024: Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks | Department of Financial Services