Myrseth has comprehensive experience in digitalization and data-driven value creation, where ensuring quality and trust has been the focus. Myrseth has been involved or responsible for research and development of methods and services within quality assurance and risk management of digital assets (AI/ML, data, digital twins, sensor systems, etc.). Focus the last 2 years has been on cyber security, risk management and cyber security certification.

Title of the Presentation:

AI empowered risk management and certification

Key words:

Quality & Risk Management, new legislation and standards, cyber security

Key message:  

It is a balancing act to harvest the potential of AI while performing high quality risk management and secure legal compliance. AI is now supporting lifecycle processes of both data products and AI systems. When AI is used to support risk processes there is a need to be aware some new dependencies.

In an era of rapidly changing threats, AI advancements, and evolving legislation and standards, risk management has become increasingly complex. The buzz around digitalization and potential of AI is high. However, harvesting AI’s potential while maintaining high-quality risk management and ensuring compliance is hard.

Imagine a scenario where you use one AI system to monitor another AI system’s quality characteristics and risk factors, and your role is to ensure compliance with legislation and maintain ISO 27001 and ISO 42001 certifications.  For some companies this is already the case within cyber security.

AI is now supporting lifecycle processes of both data products and AI systems, and AI is supporting risk processes.

In this context, we explore in two ongoing projects how to integrate risk processes with systematic processes for information and knowledge refinement. We regard this integration as key to achieve the necessary quality, level of automation, explainability, and uncertainty quantification needed for trustworthy and efficient risk management. And, no exception, AI is supporting in these integrated processes. When AI is used to support risk processes there is a need to be aware new dependencies.

The presentation is based on ongoing work from two EU cyber projects: CyberNemo, focusing on cyber risk management when introducing AI into IT/OT, and Certifai, dedicated to cyber certification of IT/AI systems. The presentation will discuss key legislation and harmonized standards related to AI and cyber, and how these two projects aim to address the challenges outlined above.