The unfulfilled past promises of machine learning in risk, compliance, and information security sectors have been disappointing, though understandable. How on earth do you even begin to look at the mind-boggling labyrinth of tens of thousands of compliance provisions and start threading them together to accelerate efficiency? Forget it.
By Andrew Robinson, Co-Founder and the Head of Cyber Security for 6clicks
Now, the change has officially come. So, how did we get to this undeniably exciting point in time – and what does it mean for risk, legal, and compliance professionals?
What was only possible theoretically has become a reality thanks to advances in computing power, capacity, cleverly designed software, and cloud storage capabilities made accessible through clever APIs. Let’s start with the first major step that got us here: the cloud.
Compliance and risk management cloud solutions have given us incredible advantages. Data-driven and human-vetted processes have become the new key. This technology does not just collect the information that enterprises and consultants around the world plug into it; it is learning from it. Cue the sci-fi suspense music?
Relax, It’s Actually Quite Cool
One can easily find SaaS solutions driven by conscientious entrepreneurs with our best interests (and safety) at heart.
The opportunity to now read and understand the current and imminent risk, compliance, and cyber needs is the key to unlocking better global management and mitigation. The herculean task that was mapping provisions, standards, and regulations to one another for risk and governance practitioners is over.
– Anthony Stevens, CEO, 6clicks
Anyone who works in risk and compliance has fantasized about the elimination of repetitive, manual, and tedious tasks. Take those working in large organizations, staring down the barrel of thousands of provisions, taking each standard one by one, tediously achieving compliance, only to face the same nightmare for the next one on the list. No thanks.
Natural Language Learning is Fascinating
Make up your own mind about AI chatbots, but in the compliance world, the maze of provisions issued by regulatory bodies all around the world uses different wording that often means very similar things. And it is slowing us down.
You are already personally benefiting from ML and AI in your home. So why should risk and compliance practitioners not receive the same professional benefits?
The Single Standard Example
In the information security world, it’s likely that you are familiar with ISO/IEC 27001.
Did you know that AI picked up similarities between the mandatory requirement 7.5.3 f) related to “retention and disposition” and Annex A control A.12.3 related to “information backup”?
In the context of documented information, “retention” is required. When we look at operational security as a part of Annex A, information “backup” is required. Whilst a human may miss the correlation, we saw that 6clicks’ natural language ML/AI model linked those two together.
Meaning, if A and B are largely the same thing, then the evidence we use to demonstrate compliance with B could be used to demonstrate compliance with A! The ML/AI model presents this as an incredible opportunity, which the “human in the loop” can then vet.
That is just one correlation in a single document! Now, are you ready for this one below?
The Multi-Document Slam Dunk Example
The “backup” example above is extremely similar to requirements found in other standards, including the NIST Cyber Security Framework, the Australian Signals Directorate’s Essential 8, the Australian Government’s Information Security Manual, the synthesized (but massive) Secure Controls Framework, and many others.
Need I say more to those who have just realized the time and cost savings from this correlation alone? Now amplify the results when this AI/ML natural language feature is running inside a cloud SaaS platform for risk, compliance, and cybersecurity that houses a content library of international standards, laws, and regulations. Are you grinning yet?
Be they local or international, any company or consultancy firm that leverages this type of software has just opened the door to greater proficiency and productivity, as well as more clients and an enormous value proposition. Create more time for the important stuff!
About the Author
Andrew Robinson is a Co-Founder and the Head of Cyber Security for 6clicks. As an internationally recognized cyber and information security expert (policing, intelligence, and counter-terrorism cybersecurity specialist), Andrew has consulted to a diverse range of government and private sector clients around the globe for over 20 years across IT, projects, investigations, telecommunications, energy, legal and financial services.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.