Course Outline
AI in the Enterprise: Strategic and Legal Perspectives
- AI adoption in core business functions: opportunities and risks.
- Executive responsibility in AI governance.
- High-risk AI systems and organizational exposure.
AI Risk Classification and Global Regulatory Landscape
- EU AI Act: risk tiers, requirements, penalties.
- U.S. Executive Order on AI and emerging federal/state rules.
- AI-related compliance within GDPR, HIPAA, and other frameworks.
- Overview of ISO/IEC 42001, NIST AI RMF, OECD AI Principles.
Security and Oversight of AI Systems
- AI security posture: threats, vulnerabilities, and safeguards.
- Incident response and breach notification in AI-driven workflows.
- Auditing and traceability of model inputs, decisions, and outputs.
Responsible AI Procurement and Vendor Risk
- Due diligence when sourcing AI tools (including LLMs and APIs).
- Key contract elements: data ownership, model explainability, SLAs.
- Evaluating vendor claims: bias mitigation, privacy guarantees, safety.
Internal Governance Frameworks and Organizational Controls
- Creating AI use policies across departments.
- Ethics committees, risk review boards, and cross-functional oversight.
- Training, documentation, and compliance integration.
Use Case Evaluation and Risk Scenarios
- Assessing high-impact use cases (e.g., HR screening, finance scoring, customer service bots).
- Tools and templates for AI risk assessments.
- Scenarios: misalignment, drift, hallucination, discrimination.
Emerging Trends and Future Considerations
- Anticipating regulatory evolution and global convergence.
- GenAI-specific risks and governance extensions.
- Responsible scaling of AI operations in the enterprise.
Summary and Next Steps
Requirements
- A foundational understanding of enterprise risk, legal, or technology frameworks.
- Experience in executive leadership, cybersecurity, or compliance oversight.
- No prior technical knowledge of AI development is required.
Audience
- Chief Information Security Officers (CISOs)
- Legal counsel and compliance officers.
- Chief Technology Officers (CTOs).
Testimonials (2)
I really enjoyed learning about AI attacks and the tools out there to begin practicing and actively using for security testing. I took a lot of knowledge away which I didn't have at the beginning and the course met what I hoped it would be. My favorite part shown from the training was Comet Browser and was amazed at what it could do. Definitely something will be looking into more. Overall it was a great course and enjoyed learning all OWASP GenAI Top 10.
Patrick Collins - Optum
Course - OWASP GenAI Security
The profesional knolage and the way how he presented it before us
