From the course: AI Security Tools and Automation
GRC and AI classification
GRC data is not just documents. It is policies, regulations, control mappings, audit evidence, and sometimes sensitive internal findings. Not all of that data should ever go into an AI system, especially a cloud-hosted API. Some of it's public, some of it's confidential, some of it's legally restricted. That's why the first step before using AI in compliance is not prompting, it's data classification.

The big takeaway here is asking yourself, should I use AI for this? You have to decide what data is safe to send to a model, what must stay on your systems, and what can only be used in a tightly controlled workflow.

Public data can go straight into the cloud. Internal data needs a review. Check your data processing agreements and consider local models. Confidential data should only run in on-prem or air-gapped AI systems, and restricted data requires extreme caution. In many cases, it should not be used with AI at all. There are four major categories of data that show up in every GRC…