Should infosec leaders approach third-party risk management, or other vendor-related processes, any differently when it comes to GenAI tools?

73 views2 Comments

Sort by:

CISO in Energy and Utilitiesa year ago

Similarly, I do not see a need to alter our third-party risk management processes specifically for GenAI tools. We utilize a dual approach involving questionnaires and technical assessments to understand and manage vendor risks. This method remains effective regardless of whether we are dealing with traditional technologies or new advancements like GenAI.

VP of Information Security in Softwarea year ago

I believe that the approach to third-party risk management should remain consistent, even with the introduction of GenAI tools. The fundamental processes and strategies we employ for assessing and managing risks with vendors do not fundamentally change just because the technology involved is new or different.

Content you might like

What "tells" have you noticed for AI-generated text (i.e., typical words/phrases, or other patterns indicative of GenAI)?

What key learnings has your organization gained from the cloud outages that we’ve seen this year with Azure, AWS or Cloudflare? Have any of these outage events led you to implement additional resilience measures, or make other changes?

Does your org currently provide AI literacy training?

Yes - for all employees49%

Yes - for some employees27%

Not yet - working on this16%

No7%

View Results

What is a "must have" meeting for you or your team? If you can please share why/what makes it so great - topic, frequency, etc. - I'm looking to brainstorm some fresh opportunities for my group.

To your knowledge, does your current board of directors include at least one person with a cyber background?

Yes, more than one22%

Yes, one45%

No, but we plan to add someone with a cyber background18%

No13%

I don’t know