"Référent sécurité en Intelligence Artificielle/en": difference between revisions

From Wiki Campus Cyber

Latest revision as of 10 July 2024 at 13:52

The cybersecurity advisor for data scientists is embedded in their working environment. He or she is their primary point of contact for ensuring that cybersecurity is concretely taken into account in the AI projects they develop.

Category: Commun
Status: Idea (1: Idea - 2: Prototype - 3: Validation - 4: Production)
Keywords: Training, Vocation


What role for the cyber security advisor in Artificial Intelligence?

The cybersecurity advisor for data scientists:

  • Ensures that the data science team implements the security requirements of their organisation and regulators, applicable to their working environment and the AI models produced;
  • Maintains a culture and reflexes of cybersecurity in the data science team;
  • Relays the needs of the data science team to the cybersecurity correspondents in his/her organisation.

Day-to-day activities

As a member of (or seconded to) a data science team, the cybersecurity advisor for data scientists must:

  • Carry out a daily security watch on the threats and vulnerabilities of AI models and their working environment (including languages, frameworks, libraries, infrastructure, etc.) so that the team can deal with them;
  • Provide the team with the applicable cybersecurity solutions:
      - Interact with the cybersecurity correspondents in his/her organisation to raise new needs and obtain appropriate solutions;
      - Capitalise on/develop protection mechanisms, security function libraries, scripts, etc. to secure the models developed and their data;
      - Monitor data science security solutions as they mature;
  • Train colleagues in the cyber risks to which their environment and models are exposed, as well as in good security practices for development and data handling;
  • Verify the application of security measures in their working environment;
  • Help colleagues to integrate "by design" security into the models they design, in particular by integrating mechanisms to detect critical data leakage or model manipulation/deviation;
  • Carry out code and model security reviews and validate them before they go into production.

Expected key competencies

Organisational skills

  • Understanding of the issues facing the business units that provide the use cases to be developed, in order to better anticipate harmful deviations of the model and better target dataset protection;
  • Good knowledge of the organisation's cybersecurity ecosystem/community;
  • Capture and transmission of knowledge.

Data science skills

A data scientist or ML engineer with:

  • Broad knowledge of the libraries used and available on the market
  • Extensive knowledge of MLOps development platforms
  • Proven experience of ML over the entire cycle: design, development, training/validation, integration

Cybersecurity skills

  • Fundamentals of cybersecurity (threats, risk analysis, needs, mechanisms, architecture, cloudsec)
  • Ability to organize security intelligence (threats, vulnerabilities, solutions): source, processing...
  • Knowledge of AI attack types and mitigation principles
  • Working knowledge of data protection mechanisms, including data pipeline security (transfer, storage, computation) and dataset extractions
  • Practical knowledge of development security, including supply chain risks, open source, git, etc.
  • Practical knowledge of code security review

Working group

IA et cybersécurité