Security, Compliance and Governance for AI Flashcards
What is a defense in depth security strategy?
Uses multiple redundant defenses to protect your AWS accounts, workloads, data, and assets.
How do you protect data at rest?
Encrypt with AWS Key Management Service (AWS KMS)
How do you protect data in transit?
1) AWS Certificate Manager (ACM) 2)AWS Private Certificate Authority (AWS Private CA).
Amazon service for identity and access management
AWS Identity and Access Management (IAM).
AWS application protection services
measures to protect against various threats, such as unauthorized access, data breaches, denial-of-service (DoS) attacks, and other security vulnerabilities.
AWS Shield
Amazon Cognito
Infrastructure protection services
AWS Identity and Access Management (IAM)
IAM user groups and network access control lists (network ACLs)
AWS services that provide network and edge protection
Amazon Virtual Private Cloud (Amazon VPC)
AWS WAF
Threat detection and incident response services
AWS Security Hub
Amazon GuardDuty
What is Data logging?
Data logging involves the systematic recording of data related to the processing of an AI workload. This can include the following:
Tracking inputs Tracking outputs Model performance metrics System events
What are prompt injections?
In these attacks, adversaries attempt to manipulate the input prompts of generative AI models to generate malicious or undesirable content
The Open Web Application Security Project (OWASP)
Industry standard list of the top 10 vulnerabilities that can impact a generative AI LLM system
The Open Web Application Security Project (OWASP) Top 10
Prompt injection: Malicious user inputs that can manipulate the behavior of a language model
2
Insecure output handling: Failure to properly sanitize or validate model outputs, leading to security vulnerabilities
3
Training data poisoning: Introducing malicious data into a model’s training set, causing it to learn harmful behaviors
4
Model denial of service: Techniques that exploit vulnerabilities in a model’s architecture to disrupt its availability
5
Supply chain vulnerabilities: Weaknesses in the software, hardware, or services used to build or deploy a model
6
Sensitive information disclosure: Leakage of sensitive data through model outputs or other unintended channels
7
Insecure plugin design: Flaws in the design or implementation of optional model components that can be exploited
8
Excessive agency: Granting a model too much autonomy or capability, leading to unintended and potentially harmful actions
9
Overreliance: Over-dependence on a model’s capabilities, leading to over-trust and failure to properly audit its outputs
10
Model theft: Unauthorized access or copying of a model’s parameters or architecture, allowing for its reuse or misuse
What does AWS Security Hub provide?
a single dashboard to view all security findings, and to create and run automated playbooks.
What does AWS Key management service (KMS) do?
AWS KMS encrypts data and gives customers the choice and control of using AWS managed keys or customer-managed keys to protect their data.