ITSPmagazine Podcast Network

HITRUST Announces Industry-Leading AI Security Certification | 7 Minutes on ITSPmagazine | A HITRUST Short Brand Innovation Story with Jeremy Huval

Episode Summary

Join Sean Martin as he interviews Jeremy Huval, Chief Innovation Officer at HITRUST, discussing the latest advancements in AI security and risk management. Discover how HITRUST's innovative framework and new AI Security Certification will help organizations safeguard their AI capabilities and ensure compliance with the ever-evolving landscape of AI threats.

Episode Notes

HITRUST will launch its AI Security Certification in December 2024, addressing the unique security risks of artificial intelligence systems. As AI reshapes the cybersecurity landscape, existing control frameworks, including HITRUST CSF, do not fully address new and evolving threats. The certification offers prescriptive controls to help secure AI deployments effectively.

Targeted at AI platform and product providers, this certification is an optional extension to HITRUST CSF validated assessments. It addresses AI-specific threats alongside traditional cybersecurity risks, focusing on security practices for AI/ML deployments, including generative AI.

The certification integrates with third-party risk management (TPRM) platforms, enabling more efficient workflows for managing AI solution security. This helps organizations manage AI risk, adopt AI solutions with confidence, and reduce complexity, time, and costs.

Designed to enhance third-party AI risk management, the certification allows organizations to identify shared security responsibilities between AI providers and users. It ensures greater trust and security across AI deployments, helping businesses stay ahead of emerging AI threats.

The draft certification specification is open for public comment until October 17, 2024.


Note: This story contains promotional content.

Guest: Jeremy Huval, Chief Innovation Officer, HITRUST [@HITRUST]


Episode Transcription


Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.


Sean Martin: [00:00:00] Here we are, ready for another 7 minutes on ITSPmagazine with a new short brand story. Today I'm joined by the one and only Jeremy Huval, the Chief Innovation Officer at HITRUST, who is a leader in enterprise risk management, information security, and compliance assurances. Welcome, Jeremy.

Jeremy Huval: Hey, good to be here. 

Sean Martin: It's good to see you again. Good to have you on the show. And, uh, no question, I've, uh, followed HITRUST and, and, and worked with the team for a long time. And you've continuously been an innovator, uh, an innovator and visionary in the risk management insurance space. And, uh, you continue to develop new things.

And I think we're going to talk a little bit about some of the stuff that you've, uh, you've been working on lately around AI. So give us an overview of what that is.  

Jeremy Huval: Yeah, absolutely. Um, and thanks for the opportunity. So HITRUST has for 17 years now been providing, um, cybersecurity assurances and privacy assurances to really help organizations understand sort of the [00:01:00] threats they face and the risks that they face and guide them toward effective risk mitigation. And we do that through a bunch of ways. One of them is a really robust controls framework, um, that we harmonize authoritative sources, we call them, but we harmonize standards, frameworks, guidance from standard-setting bodies.

We bring laws in like HIPAA. Um, we consider NIST Special Publications, and we've been doing this for a long time. And the outcome of that is sort of an assurance in cybersecurity machine that helps organizations really understand what they should be doing to protect themselves and to achieve certifications to demonstrate that outward to key customers in the third-party risk management space and even to internal stakeholders like boards of directors and those charged with governance.

And so this machine that we've been building up over IT assurance and IT compliance and cybersecurity, it was really well poised to help us shift toward doing that same thing on the [00:02:00] AI space. And so we've known AI has been around for a very long time as a field of study, decades, and predictive AI has been around for a lot of years in corporate America.

But with generative AI just popping as, as much as it has, we said, we cannot delay, we must help organizations understand the risks and threats they face on this AI landscape as well, because the business is pulling AI in and security and risk management and governance need not lag. And so we've over the past year and a half, two years been working on updating this assurance, sort of, offering machine that I've talked about.

So we've updated that harmonized framework by bringing in many AI authoritative sources from the likes of ISO and NIST and OWASP and MITRE ATLAS, for example, um, and we continue to add more and more AI security guidance. Um, we're also updating our, what we call our assurance program that issues certifications by standing up, I'm very happy to announce, [00:03:00] this year, probably early December this year, we're going to roll out an AI security certification. And so, uh, really excited to talk about that with you as well.

Sean Martin: So, for the benefit of the folks listening and watching, you kind of covered both bookends, right? There's the risk that we're going to help mitigate, and then the assurance that we've done that. 

But all the hard work in the middle is where HITRUST really shines as well, right? Understanding, you mentioned the frameworks and getting the controls in place and the policies to support that. And helping teams do that efficiently and effectively, not just for themselves, but their third parties as well.

I don't, do you want to highlight that in the, in the context of AI, um, kind of walking through that, that flow and how that all turns out for, for folks.  

Jeremy Huval: Yeah, absolutely. And so we know that you can't achieve AI security without foundational cybersecurity of the overall IT system. And so organizations that are doing HITRUST [00:04:00] AI IT certification for cybersecurity will now have the option to expand their, their assessment to include AI security risks.

We've got what I think is a really good AI security collection of controls, 44 specifically, that are mapped to 15 unique AI cybersecurity threats. And this is meant for AI providers. So organizations who are building AI into their platforms, or maybe cloud service providers who have AI capabilities that they're building them, that they're offering for platform as a service.

And if you are an AI provider, you right now need to start demonstrating to your customers what you were doing to secure that AI capability. And that's what really, this is all about, securing the AI capabilities that you're bringing to market and being able to demonstrate that with clarity. And we haven't done this alone.

We've been working with a number of working groups that we've stood up. Um, and I was very happy two days ago. We just kind of bookended. We had our last meeting for a very large AI [00:05:00] working group and it felt like graduating a college class. It was so cool. We all learned a lot going through it, but we had the likes of big cloud service providers like Microsoft and AWS with very large healthcare organizations like Johnson & Johnson and Optum.

We also had a number of professional services firms who are going to be delivering these kinds of engagements, doing this work, dozen, over a dozen professional services firms who all had input into what I'm talking about and helped shape it. And also that input loop is not done. We've got the, um, specification for the certification I'm talking about. Our AI cybersecurity certification specification is open right now in draft. So anyone that's interested can see what I'm talking about and give us feedback to help shape this thing and make sure it's right-sized and it works for everyone. And we've taken a lot of care to make that as transparent and easy to access and easy to give feedback.

That's open now through, um, October 17th, 2024. Um, and you'll know, as you look through it, you'll [00:06:00] note that it supports a lot of really common AI use cases like RAG, uh, use of embeddings and even agents and plugins and small language models. So we really feel like this is something to be excited about.

Sean Martin: Uh, certainly lots to be excited about. 

And I, I really wanna highlight the, um, the, the ecosystem that you've built in terms of providers, frameworks, uh, assessors, the, the folks that provide the assurance, and of course, uh, HITRUST does all the hard work to, to bring all these folks together and, and to raise the bar for everybody. And then everybody has a chance to, to, uh, work with each other to, to get that assurance that everybody else wants from them, customers and partners alike. So Jeremy, any, any final thoughts in the last few seconds?

Jeremy Huval: Oh, no. Thanks for the opportunity to share this detail with you.  

Sean Martin: I appreciate it. And, uh, everybody please, uh, check out HITRUST, uh, hitrustalliance.net [00:07:00], uh, connect with Jeremy. And that is seven minutes here on ITSPmagazine. Thank you.

Jeremy Huval: Rock out.