Lesson 1: Access control and role-based permissions, least privilege, privileged access monitoring
This section explains how to design access control and role-based permissions for AI systems, enforce least privilege, and monitor privileged access so that sensitive data and administrative functions remain under strict control.
Defining AI-specific roles and permissions
Implementing least privilege for AI admins
Strong authentication for privileged users
Session recording and just-in-time access
Periodic access review and recertification

Lesson 2: Logging, audit trails, and immutable logging for data access records and model queries
This section covers logging strategies for AI systems, including detailed audit trails and immutable records of data access and model queries, enabling investigation, accountability, and evidence for legal or internal audits.
Defining AI logging scope and granularity
Capturing user, admin, and system actions
Immutable logging and tamper resistance
Log minimization and pseudonymization
Log review, alerting, and investigations

Lesson 3: Data minimization and preprocessing: techniques for reducing PII before sending to the LLM
This section explains data minimization and preprocessing techniques that reduce personal data before it is passed to AI models, using redaction, aggregation, and transformation to lower risk while preserving utility for business use cases.
Identifying unnecessary personal data fields
Redaction and masking of free-text inputs
Aggregation and generalization techniques
Edge preprocessing before API submission
Balancing utility with minimization duties

Lesson 4: Input filtering and prompt engineering: removing sensitive data, pattern-based scrubbing, NLP classifiers
This section focuses on input filtering and prompt engineering to remove sensitive data before processing, using pattern-based scrubbing and NLP classifiers to detect risky content and enforce system policies at the boundary.
Pattern-based scrubbing of identifiers
NLP classifiers for sensitive categories
Prompt templates that avoid PII capture
Real-time input validation and blocking
User guidance and consent at input time

Lesson 5: Governance: integrating DPIAs, Data Processing Agreements (DPAs), record updates and change control
This section describes governance structures for AI, including integrating DPIAs, managing Data Processing Agreements, and maintaining records and change control so that system changes remain transparent, assessed, and compliant.
When and how to run AI-focused DPIAs
Key DPA clauses for AI processing
Maintaining records of processing for AI
Change control for models and datasets
Governance forums and approval workflows

Lesson 6: Pseudonymization and tokenization techniques for free-text data and structured fields
This section examines pseudonymization and tokenization strategies for free text and structured fields, showing how to replace identifiers with reversible or irreversible tokens while managing re-identification risk and key separation.
Pseudonymization versus anonymization limits
Tokenization for structured identifiers
Handling names and IDs in free-text data
Key and token vault management controls
Re-identification risk assessment methods

Lesson 7: Output filtering and post-processing: sensitivity detection, hallucination detection, confidence scores
This section covers procedures that inspect and adjust AI outputs to detect sensitive data, identify hallucinations, and apply confidence scores so that risky responses are blocked, flagged, or routed for review before reaching end users.
Detecting personal and sensitive data in model outputs
Hallucination detection rules and model ensembles
Designing confidence scores and thresholds
Human review workflows for risky responses
User feedback loops to refine output filters

Lesson 8: Retention policies, automated deletion, and backup retention aligned with purpose limitation
This section explains how to define retention schedules for AI data, configure automated deletion, and align backups with purpose limitation so that training data, logs, and prompts are not kept longer than necessary or used in incompatible ways.
Mapping data categories to retention periods
Automated deletion of prompts and logs
Backup retention and restore testing
Handling legal holds and exceptions
Documenting retention decisions for audits

Lesson 9: Sandboxing and rate limiting of API calls; throttling, request validation, and queueing
This section explains how to sandbox AI services, control traffic volume, and validate incoming requests using sandboxing, rate limits, throttling, and queueing so that systems remain stable, secure, and resilient against abuse or service outages.
Designing API rate limits and burst controls
Sandbox environments for testing AI features
Request validation and schema enforcement
Queueing strategies for high-volume workloads
Abuse detection and automated blocking rules

Lesson 10: Vendor due diligence: security questionnaires, SOC/ISO reports, penetration testing requirements
This section explains how to assess AI vendors using structured due diligence, including security questionnaires, SOC and ISO reports, and penetration testing requirements, ensuring processors meet legal, security, and resilience expectations.
Building AI-specific security questionnaires
Reviewing SOC 2, ISO 27001, and similar reports
Penetration testing scope for AI integrations
Assessing data residency and subcontractors
Ongoing vendor monitoring and reassessment

Lesson 11: Operational measures: staff training, privacy-by-design, incident response playbooks, breach notification procedures
This section focuses on operational safeguards such as staff training, privacy-by-design, incident response playbooks, and breach notification procedures to ensure AI operations remain compliant, resilient, and well documented.
AI-specific security and privacy training
Embedding privacy by design in AI projects
Incident detection and triage for AI systems
AI incident response and communication plans
Breach notification timelines and content

Lesson 12: Encryption in transit and at rest; key management and envelope encryption for model inputs/outputs
This section covers encryption in transit and at rest for AI data, including key management and envelope encryption designs that protect prompts, outputs, and logs while supporting access control, rotation, and legal expectations.
TLS configuration for AI APIs and services
Disk, database, and object storage encryption
Envelope encryption for prompts and outputs
Key lifecycle, rotation, and segregation
HSMs and cloud KMS integration options