Digital Trust: Focus on the Forest Rather Than the Trees

Author: Jon Brandt, Director, Professional Practices and Innovation, ISACA
Date Published: 10 May 2023
Digital trust has never been more important than it is today. Recently, the godfather of AI resigned from Google. The reasons for his decision are reportedly not singular, but one explanation has captured headlines—to freely warn of AI dangers. He is not the first to do so, as others have also recently sought a delay in further development. The problem with this all is we cannot put the technology back in a box. Even if a particular company or country wanted to curtail its development of AI, it is an unreasonable proposition given the AI arms race between prominent world superpowers. Unfortunately, far too many users are starstruck by AI capabilities and are increasingly using it with hopes of decreasing the burden of carrying out responsibilities at home or work. The latter is extremely problematic as it puts enterprises at substantial risk.

Digital trust is a concept without a globally accepted, uniform definition. ISACA defines it as “the confidence in the integrity of the relationships, interactions and transactions among providers and consumers within an associated digital ecosystem. This includes the ability of people, organizations, processes, information and technology to create and maintain a trustworthy digital world.” Some may question ISACA's lack of specificity, but the variants I have seen are too focused on technological aspects and therefore diminish the complex integrations between technology and any business function. The problem with other definitions and the free market is that we end up overlooking the greatest risk: human fallibility. Bias coupled with a slew of documented ethical issues should rightfully result in a reasonable pessimism surrounding the fairness and transparency of AI, especially when algorithms have already negatively impacted lives.

Not surprisingly, the term “digital trust” has already been hijacked by solution providers. However, there is no single or suite of products that provides digital trust. This is eerily like the Zero Trust (ZT) movement whereby far too many solution providers claim to offer ZT products when, in fact, there are only products that help fulfill components of an overall ZT strategy.

To be clear, digital trust is not just about technology. Behind every service, product and component is human involvement and error. Public alarms now being sounded by tech giants over AI basically amount to responsible parties telling on themselves for insufficient oversight and controls. What we have now is a major mess that not only further complicates matters for businesses and consumers but will also heighten geopolitical tensions.

Privacy and fairness remain core to any conversation involving AI, and now we have public awareness of emerging technologies that can influence how countries conduct military operations. A recent demonstration by a defense contractor is scary. No technology is immune to bugs, breaches and weaponization. The lack of transparency in how technology is developed, operated and protected is concerning and, I would say, reckless.


The US Navy SEAL mantra, “slow is smooth, smooth is fast,” is especially relevant today. ChatGPT has garnered a lot of attention, but we must remember that it is only one product. There are others, and there will be more. Recognizing that generative AI is here, enterprises must face that employees are likely already using these tools, which is an extension of shadow IT. As such, business leaders should assume employees have already freely uploaded IP or sensitive information to training models. In many cases, the information users have given generative AI tools will be used to shape future outputs, which creates challenges involving copyright infringement. Accepting these realities serves as ample justification for an ad hoc risk assessment. Ideally, all enterprises have controls in place for handling corporate data and use of unauthorized software and devices. While temporary bans are not unusual, administrative controls (e.g., policies, security and education awareness training, etc.) by themselves will not protect IP or otherwise sensitive data.

To learn more about digital trust, check out related resources on ISACA's website.


Jon Brandt, CISM, CDPSE, CCISO, CISSP, PMP is director of professional practices and innovation in ISACA’s Content Development and Services department. In this role, he leads audit, emerging technologies, GRC, IT, information security and privacy thought leadership initiatives relevant to ISACA’s constituents. He serves ISACA® departments as subject matter expert on infosec, influences innovative workforce readiness solutions and leads development of performance assessments. Brandt is a highly accomplished US Navy veteran with 30 years of experience spanning multidisciplinary security, cyberoperations and technical workforce development. Formal education includes an MSED in Workforce Education and Development from Southern Illinois University and BS in Cybersecurity from Champlain College.