Nothing Standard About It: An Analysis of Minimum Security Standards in Organizations

Weidman, Jake; Bilogrevic, Igor; Großklags, Jens

doi:10.1007/978-3-030-66504-3_16

Cited by 1 publication

(1 citation statement)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We look to the field of information security as one potential model for success due to similarities between the two fields. In particular, information security deals with a number of competing theories [45] and standards [56,65,68] that make it challenging to harmonize controls. Moreover, information security, like ethical AI, aims to find heuristics, stopgaps, and proxies for computationally intractable problems [14,17] with important human impacts.…”

Section: Introductionmentioning

confidence: 99%

Towards a Responsible AI Development Lifecycle: Lessons From Information Security

Galinkin

2022

Preprint

View full text Add to dashboard Cite

Legislation and public sentiment throughout the world have promoted fairness metrics, explainability, and interpretability as prescriptions for the responsible development of ethical artificial intelligence systems. Despite the importance of these three pillars in the foundation of the field, they can be challenging to operationalize and attempts to solve the problems in production environments often feel Sisyphean. This difficulty stems from a number of factors: fairness metrics are computationally difficult to incorporate into training and rarely alleviate all of the harms perpetrated by these systems. Interpretability and explainability can be gamed to appear fair, may inadvertently reduce the privacy of personal information contained in training data, and increase user confidence in predictions -even when the explanations are wrong. In this work, we propose a framework for responsibly developing artificial intelligence systems by incorporating lessons from the field of information security and the secure development lifecycle to overcome challenges associated with protecting users in adversarial settings. In particular, we propose leveraging the concepts of threat modeling, design review, penetration testing, and incident response in the context of developing AI systems as ways to resolve shortcomings in the aforementioned methods. CCS CONCEPTS• Security and privacy → Human and societal aspects of security and privacy; • Social and professional topics → User characteristics; Computing / technology policy.

show abstract

Section: Introductionmentioning

confidence: 99%

Towards a Responsible AI Development Lifecycle: Lessons From Information Security

Galinkin

2022

Preprint

View full text Add to dashboard Cite

show abstract

Nothing Standard About It: An Analysis of Minimum Security Standards in Organizations

Cited by 1 publication

References 34 publications

Towards a Responsible AI Development Lifecycle: Lessons From Information Security

Towards a Responsible AI Development Lifecycle: Lessons From Information Security

Contact Info

Product

Resources

About