What sorts of guardrails should be considered before making ChatGPT part of your org’s security compliance efforts?

Director of Enablement, 2 years ago

Many vendors are adding OpenAI connectors to their products under the guise that ‘they’re an AI company now’.

Check what they’re doing with your data.

Are they issuing new Data Processing Agreements? Do they have your consent to send data to a third party?

When OpenAI has another data breach, what impact will this have on your business?

Global Head of AI, Data & Analytics in Software, 2 years ago

Is your data being sent back for model training?
Is there a reason ChatGPT specifically is being made part of the efforts?
What is the nature of the data, and who are the users of the chatbot?

Director of IT in Energy and Utilities, 2 years ago

Definition of standards and policies for reference points in compliance efforts.

CISO in Software, 2 years ago

Your regulatory environment will inform some of this. Production environments should inform most of the rest. 

For those opposed to hitting ChatGPT with the ban-hammer, I think it's likely you will see some sort of structured review and approval process folded into most corporate governance.

Senior VP & CISO, 2 years ago

Review existing policies: data governance, data protection, acceptable use, infosec, etc. Communicate a reminder on those policies. Consider a governance committee.
