With the 2024.1 release, Security Compass is pleased to announce the addition of new AI security content and training for SD Elements. This includes:
- AWS Sagemaker Security Content
- ENISA Standards/OWASP Top Ten for Machine Learning (ML) Security Content
- Defending AI Just-In-Time Training modules
SD Elements security content library also features:
- NIST AI Risk Management Framework (RMF)
- OWASP Top Ten for Large Language Models (LLMs)
A recent Security Compass survey found that 66% of businesses with over $5B in annual revenue have already integrated AI into their products and services or have made doing so a high priority. Our goal at Security Compass is to ensure that, if your organization builds, manages, or deploys ML models, it has the security requirements and training needed to build products and software that are secure by design.
AWS Sagemaker Security Content: “Build, train, and deploy your machine learning (ML) models faster”
AWS Sagemaker is one of the leading cloud-based services that helps data scientists, machine learning engineers, and developers build, train, and deploy ML models at scale. SD Elements has added security requirements that address the risks of using AWS Sagemaker.
To access the security requirements for AWS Sagemaker, you must first complete the survey. You will find Sagemaker under Deployment → Cloud Computing → Cloud Providers → AWS Content (Non-Story driven) → Sagemaker.
If you are building a diagram, you can also add the AWS Sagemaker component to your canvas.
In either case, SD Elements will then generate the security requirements that need to be addressed, each with detailed guidance.
ENISA and OWASP Top Ten for Machine Learning Security Content
In June 2023, the European Union Agency for Cybersecurity (ENISA) published a framework for securing AI. The framework's goal is to give organizations that develop or use AI systems the standards they need to secure their AI systems, operations, and processes. The OWASP Top Ten for Machine Learning (ML) Project provides an overview of the ten most significant security issues in machine learning systems, including data poisoning, model poisoning, model theft, and supply chain attacks.
To support both the ENISA AI framework and the OWASP Top Ten for ML, SD Elements now offers a single consolidated list of threats, weaknesses, and countermeasures covering the two.
You can access this content in the survey under Application General → Context and Characteristics → Build and deploy machine learning (ML) models. Once you complete the survey, SD Elements will generate the applicable security requirements.
SD Elements can also generate a project report via Reports → Project Reports → ENISA – Securing Machine Learning Algorithms. The report breaks down countermeasure completion status by section of ENISA – Securing Machine Learning Algorithms and by phase of the software development lifecycle.
Defending AI
SD Elements now supports 17 micro-modules based on the OWASP Top Ten for LLMs. Topics covered in the modules include:
- AI Cybersecurity Landscape
- Protecting Data Models
- Securing Model Interactions
- Preventing AI Abuse
- AI Governance
If you select Uses Large Language Models (LLMs) in the survey, your users will see the modules within the applicable countermeasures.
Where a module applies to a countermeasure, it is available from that countermeasure via Countermeasures → Training → Defending AI; clicking the link opens the module.
Ready to Take The Next Step?
To learn more about SD Elements AI security content and training, schedule a demo with one of our Account Executives.
Security Compass enables you to deliver secure and compliant products and software by design.
By taking a proactive approach to threat modeling and secure development, SD Elements improves software security at scale, reduces operational costs, and helps organizations achieve compliance. Application Security Training from Security Compass takes developers from good to great with accredited, role-based security eLearning.
Leading organizations across industries are using Security Compass’ developer-centric technologies and expertise to adopt a “security by design” approach and scale their AppSec efforts beyond what was possible with traditional “find and fix” methodologies.
New to SD Elements? Request a demo to explore how our solutions can transform your software security landscape.