Security, Compliance, and Governance for AI Solutions Flashcards
AWS Audit Manager helps you continually audit your AWS usage to streamline how you manage risk and compliance with regulations and industry standards.
Audit Manager automates evidence collection so you can conveniently assess whether your policies, procedures, and activities (also known as controls) are operating effectively. When it’s time for an audit, Audit Manager helps you manage stakeholder reviews of your controls.
Some tasks you can perform with Audit Manager include the following:
Upload and manage evidence from hybrid or multi-cloud environments.
Support common compliance standards and regulations.
Monitor your active assessments.
Search for evidence.
Ensure evidence integrity.
Trusted Advisor
Use cases for Trusted Advisor include:
Optimizing cost and efficiency
Assessing your AWS environment against security standards and best practices
Improving performance
Improving resilience
The OWASP Top 10 for LLMs
1. Prompt injection: Crafted inputs, supplied directly by a user or indirectly through content the model reads (web pages, documents, tool results), that override the model's instructions and manipulate its behavior
2. Insecure output handling: Passing model output to downstream components (browsers, shells, databases, APIs) without validation or sanitization, so the output itself becomes an injection vector (XSS, command injection, SSRF)
3. Training data poisoning: Introducing malicious or manipulated data into a model's training or fine-tuning set, causing it to learn harmful behaviors, biases, or backdoors
4. Model denial of service: Inputs that drive the model into resource-intensive operations (very long prompts, recursive or repeated requests), degrading availability for other users and driving up cost
5. Supply chain vulnerabilities: Weaknesses in the software, pre-trained models, datasets, hardware, or third-party services used to build or deploy a model
6. Sensitive information disclosure: Leakage of confidential data, such as training data, PII, or proprietary content, through model outputs or other unintended channels
7. Insecure plugin design: Plugins or extensions that accept unvalidated free-text input from the model or lack access control, letting an attacker use them for actions such as data exfiltration or remote code execution
8. Excessive agency: Granting a model too much functionality, permission, or autonomy, so that manipulated or faulty outputs translate into unintended and potentially harmful actions
9. Overreliance: Over-dependence on a model's capabilities, leading to over-trust and failure to properly verify or audit its outputs
10. Model theft: Unauthorized access to or copying of a model's parameters or architecture, allowing for its reuse or misuse
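As an added example, not code from the original flashcards or from OWASP, the following Python shows items 2 and 8 side by side: a model's tool-call output spliced straight into a shell command (insecure output handling), beside a dispatcher that treats the model as an untrusted principal, allowlists the tools it may invoke, validates every argument, and escapes free text before it is rendered. The tool names, argument patterns, and model outputs are constructed for the example; the unsafe function returns the command string rather than executing it so the script is safe to run.

```python
import html
import json
import re
from typing import Any

# Constructed model outputs (not real LLM responses). The second carries an
# injected shell fragment and a script tag, as a prompt-injection attack would
# produce; the third asks for a tool the agent was never meant to expose.
BENIGN_OUTPUT = '{"tool": "lookup_order", "args": {"order_id": "A-1001"}}'
INJECTED_OUTPUT = (
    '{"tool": "lookup_order", "args": {"order_id": "A-1001; rm -rf /"}, '
    '"note": "<script>alert(1)</script>"}'
)
OVERREACH_OUTPUT = '{"tool": "delete_all_orders", "args": {}}'
RENDER_OUTPUT = (
    '{"tool": "lookup_order", "args": {"order_id": "A-1001"}, "note": "<b>hi</b>"}'
)

# Hypothetical tool allowlist: the model may only propose these tools, and each
# argument must fully match a strict pattern. Anything else is refused.
ALLOWED_TOOLS = {
    "lookup_order": {"order_id": re.compile(r"^[A-Z]-\d{4}$")},
    "cancel_order": {"order_id": re.compile(r"^[A-Z]-\d{4}$")},
}


def unsafe_command(model_output: str) -> str:
    """Insecure output handling: model text is concatenated into a shell
    command. Returned, not executed, so the example is harmless; an injected
    order_id would otherwise run as part of the command line."""
    call = json.loads(model_output)
    return f"order-cli lookup {call['args']['order_id']}"


def safe_dispatch(model_output: str) -> dict[str, Any]:
    """Treat the model as untrusted: parse strictly, allowlist the tool,
    validate each argument against its pattern, and HTML-escape any free
    text destined for a browser. Returns a decision rather than acting."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError:
        return {"ok": False, "reason": "not JSON"}
    tool = call.get("tool")
    if tool not in ALLOWED_TOOLS:
        # Excessive agency guard: unknown or over-privileged tools are refused.
        return {"ok": False, "reason": f"tool not allowed: {tool!r}"}
    schema = ALLOWED_TOOLS[tool]
    args = call.get("args", {})
    if not isinstance(args, dict) or set(args) != set(schema):
        return {"ok": False, "reason": "unexpected argument set"}
    for name, pattern in schema.items():
        value = args[name]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return {"ok": False, "reason": f"invalid argument: {name}"}
    # Free text from the model is only ever rendered after escaping.
    note = html.escape(str(call.get("note", "")))
    return {"ok": True, "tool": tool, "args": args, "note": note}


if __name__ == "__main__":
    print("unsafe:", unsafe_command(INJECTED_OUTPUT))
    for output in (BENIGN_OUTPUT, INJECTED_OUTPUT, OVERREACH_OUTPUT, RENDER_OUTPUT):
        print("safe:", safe_dispatch(output))
```

The dispatcher never interprets the model's text as instructions; it only accepts a tool name from a fixed set and arguments that match a fixed shape, which is what keeps an injected prompt from turning into an action.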
AWS Security Hub provides customers with
a single dashboard that aggregates and prioritizes security findings from AWS services and partner tools, and that can trigger automated response playbooks for those findings.
AWS KMS
creates and manages the cryptographic keys used to encrypt data, and gives customers the choice and control of using AWS managed keys or customer-managed keys (which the customer creates, rotates, and governs through key policies) to protect their data.
Amazon GuardDuty is a
threat detection service that monitors for suspicious activity and unauthorized behavior to protect AWS accounts, workloads, and data.
AWS Shield Advanced
helps protect workloads against Distributed Denial of Service (DDoS) events, with detection, mitigation, and cost protection beyond what AWS Shield Standard provides. AWS WAF and AWS Firewall Manager are included at no additional cost for resources protected by Shield Advanced.
Source citation in generative AI
refers to the act of properly attributing and acknowledging the sources of the data used to train the model.
Accurate source citation helps users and stakeholders understand the origins of the information used to generate the AI-produced content. This prepares them to assess the reliability and trustworthiness of the output.
Documenting data origins in the context of generative AI involves
providing detailed information about the provenance, or the place of origin of the data used to train the model.
Documenting the data origins is important for understanding the potential biases, limitations, or quality issues that might be present in the training data. This can ultimately impact the performance and reliability of the generative AI model.
A generative AI application typically includes three kinds of data
customer data, fine-tuning data, and training data
The AWS Privacy Reference Architecture (AWS PRA) offers
a set of guidelines to assist in the design and implementation of privacy-supporting controls within AWS services. This guide can help you make informed decisions regarding the people, processes, and technology that are necessary to ensure privacy in the AWS Cloud environment.