Data Security

 View Only

Data Security Working Group Meeting - 8/29/24

  • 1.  Data Security Working Group Meeting - 8/29/24

    Posted Aug 29, 2024 03:01:00 PM

    Data Security Working Group Meeting - 8/29/24

    Publications in Development:

    Meeting Summary:

    The meeting covered several topics including the transition of the SECtember conference to virtual formats and the release of the Top Threats Report for Cloud Computing 2024. The group is working on two papers related to data security in AI environments. Content development was discussed, with a call for team contributions and concerns about progress due to members' busy schedules. Insights on new healthcare regulatory AI-related content were shared, alongside discussions on AI safety assessments from organizations like NIST, HITRUST, and WHO, with questions regarding similar regulations in the financial sector. The development of a cyber resiliency survey report was also highlighted, with the report releasing expected soon. Finally, the group discussed potential blog ideas to complement ongoing research, encouraging participants to contribute relevant topics.

    1. CSA Events and Research Updates

    2. Content Development and Collaboration

    • Alex expressed concern about the lack of progress in content development, attributing it to team members being busy with their regular jobs and summer activities.
    • Alex suggested that if anyone wants to work on a section, they could indicate their interest by putting their name in parentheses next to the section, which would help in tracking contributions. There can be multiple names attached to a section, with collaboration encouraged.
    • The group is working on two data security-related papers: Data Security within an AI Environment, and Data Lifecycle, with outlines prepared for both ready for further development.

    3. AI Safety Assessments and Regulatory Developments

    • Alex mentioned that organizations such as NIST, HITRUST, and the WHO are releasing AI safety assessments and tools related to AI models and data risk, indicating a growing trend in regulation.

    4. Cyber Resiliency Survey and Report Development

    • Alex indicated that the report from the cyber resiliency survey is expected to be released in the next few weeks, with ongoing design and finalization stages still in progress.

    5. Regulatory Frameworks and Cloud Adoption

    • The main concerns regarding cloud adoption include a skills gap, lack of internal strategy, and issues related to Identity and Access Management (IAM).
    • Data privacy and integrity were highlighted as the top concerns associated with generative AI, emphasizing the risks of misuse, data accuracy, and information bias.

    6. Data Security Group Updates and Blog Ideas

    • Alex mentioned that participants should keep in mind any new topics or ideas related to data security that may arise, indicating an openness to suggestions that could lead to further exploration and development.
    • Alex highlighted the need for blog ideas that could serve as additional content for the group, suggesting that these blogs could be shorter and more specific, potentially related to ongoing research or entirely new topics. 
    • Natural Disasters: A Perfect Storm for Data Breaches written by  Rocco Alfonzetti is a great example of a release on behalf of the Data Security Working Group.


    ------------------------------
    Alex Kaluza
    Research Analyst
    Cloud Security Alliance
    ------------------------------