A Copilot for ISO 27001, a free ChatGPT Security course, and community thoughts on banning AI
Hello there
I hope you had a great week.
Mine was good, but news about what’s going on with AI and cybersecurity can feel overwhelming. Don’t you think so as well? That’s why we’re not gonna be exhaustive. Just trying to cover what makes a better ISMS in the AI age.
Shall we start?
Every week, I’ll send 3 thoughts on managing an information security system in the AI era.
Here’s what I have for you today:
Personal Insight: ISMS Copilot
Teaching Update: ChatGPT Security course is now free
Community Perception: Banning vs Regulating AI?
1. Personal Insight
I’ve been thinking about some ways to leverage AI tools for preparing ISO 27001 certification without compromising sensitive information.
I think there’s a way.
Let me explain.
When asking a question to AI tools, you can either provide a lot of details or give just what the AI needs to reply with something useful.
In the latter case, AI turns out to be a good assistant without necessarily needing any specific information about your business.
Example: “What are information security management actions that must be done perpetually and will never be considered complete due to their cyclical nature?”
This question does not need the user to send any sensitive information but can provide useful guidance.
What if there was an ISO 27001 Copilot for this?
I’ve been experimenting with a low-tech version of an ISO 27001 copilot that would always remind you what you can accomplish or which document you can work on based on your stage of the certification preparation.
I could turn it into a real assistant, but I just needed your input first.
So, here is the question:
Would you like an AI assistant for ISO 27001 certification preparation and maintenance?
Reply by commenting on this post or filling out this form.
2. Teaching Update
I made a big decision.
I don’t know whether I’m going to regret this or not.
Despite having worked for months on the preparation of a ChatGPT Security Course, I decided to make it free.
This course’s mission is very simple: teaching applicable data protection techniques for anybody using ChatGPT.
I hope that by opening it, many people will take the opportunity to learn how to use AI more safely.
Here’s where I need your help.
Sharing it with your network or suggesting it inside your company would be very beneficial.
This was done to democratize a use of AI that is compatible with information security.
Are you with me?
3. Community Perception
I’m curious about whether information security officers prefer banning AI tools or regulating their usage.
I actually launched a poll on LinkedIn, and despite my posts getting tens of thousands of views recently, the poll had very little success.
But the answer was clear: 100% responded they preferred regulating AI tool usage to a complete ban.
There are good reasons for this. One has been mentioned in an interesting post by Loic Boutet on LinkedIn:
People always find ways to use AI, so a ban might not be effective.
That’s why as of today regulation is an appealing solution to me.
By regulation, I mean:
Education → Teaching people how to use AI securely
Defining rules → Writing a ChatGPT policy that defines Do’s and Don’ts.
Recommending safer tools → ChatGPT is not alone. I just discovered safebrain.ai. They provide an interface similar to ChatGPT, but with a focus on data protection. I’ll let you discover it.
Does that seem reasonable to you?
Answers to such questions keep evolving. But this regulation idea has been sticking around ever since I discovered AI.
That’s it!
Thank you for reading today’s edition.
What do you think about this new format?
Reply to this email if you enjoyed it.