AI Revolutionizing Governance, Risk, and Compliance (GRC) in the Modern World | Cyber Security

00:00

all right once again thank you everybody

00:01

so what we're going to do is just going

00:02

to be a working session and we're just

00:04

going to see some of those prompts out

00:06

there some of those um best practices

00:07

out there so first I talked about

00:10

security incidents policy changes if

00:12

there are new policies out there we can

00:14

use chut to Baseline and give us some of

00:17

the um recommendations in terms of those

00:19

changes in regulation we talk about

00:22

security incident so if I have a dump of

00:24

security incident I could ask it to give

00:27

me some of the best practice of

00:29

containment strategy for those

00:31

recommendation employee training

00:33

compliance review I can actually look at

00:35

all our compliance data and ask chat J2

00:38

to give me a trend on some of the best

00:41

practices in terms of how to make sure

00:43

people are more in compliance based on

00:45

the data I have I can also look at

00:47

vendor risk assessment report I can look

00:49

at mapping cyber policies to best

00:52

framework out there so I can actually

00:54

take a cyber security policy

00:57

and ask

01:00

GPT or any of those model to Benchmark

01:04

it

01:05

to certain industry framework and that

01:08

can be ISO 27,1 that could be n CSF 2.0

01:12

whatever it is you could actually use it

01:14

for any mapping you choose to do so

01:18

that's really cool another thing out

01:20

there is that we can actually map

01:22

vulnerabilities and say okay based on

01:25

these known vulnerabilities out there

01:27

map it to give me recommendation on how

01:30

to fix those vulnerabilities you know

01:33

incident report incident response report

01:35

you can actually also you know analyze

01:38

an incident response report so let's

01:40

quickly just go through each one of

01:41

these and we can play with it on in real

01:43

time so you can see here this is a

01:45

sample security incident report here you

01:48

can see this is just talking about okay

01:50

this is the incident number this is the

01:52

type of threat this is the affected

01:54

asset remember it to show you the actual

01:57

digital asset affected then look at the

01:59

time of occurrence so I can put a prompt

02:01

to analyze and this is a real prompt I

02:04

can say analyze this data you

02:07

know and help identify the current

02:10

pattern such as specific types of

02:12

threats you know uh targeting certain

02:15

assets or occurring at particular so you

02:17

can prompt it to kind of analyze the

02:19

data for you and look at the times and

02:22

look at the threat pattern in real time

02:25

of course it will not just be 10 they

02:27

will give you right they might give you

02:29

the report might be like a, lines right

02:32

if I have a, line that's a lot to

02:35

analyze so it means it makes sense to

02:37

just you know um use a similar prompt to

02:41

analyze it in real time now look at this

02:44

other one policy change for example this

02:46

is just an example I gave to say okay

02:48

this is an IT policy here in the policy

02:53

I'm telling CH GPT to say look at what I

02:55

asked you to this to do review the

02:58

existing policy and identify any

03:00

deficiency concerning compliance with

03:02

gdpr so what it did here is this it

03:06

reviewed the policy and it went

03:09

to data protection section right which

03:12

is up here this section

03:14

here and it analyzed it and it told me

03:18

he updated gdpr regulation mandate

03:19

organization to implement announc

03:21

encryption standard for protecting

03:23

personal data it actually gave me a

03:26

feedback on what we should had so that

03:30

means if you have a

03:32

policy and you want to check if it

03:36

complies with certain regulation you can

03:38

prompt your policy to check if there was

03:42

a gap as per an existing regulation out

03:46

there it's amazing and it will show you

03:49

yeah it will actually show you you know

03:52

if there's a gap in your policy

03:53

immediately okay that's another thing

03:55

you can use it for now look at another

03:57

one this is a report that comes out of

03:59

so many tools I mean there are many

04:00

tools out there that you can pull this

04:02

report from we use tools to scan in

04:05

cyber security for different incidents

04:08

right so you might be using tools like

04:11

spun qader internal tools pulling logs

04:16

whatever it is Nexus whatever it is that

04:18

is pulling your vulnerabilities or any

04:20

incident that you've seen in your system

04:23

you can

04:24

actually run a prompt to say re review

04:29

each of the

04:31

table and create a column for

04:34

recommendation of the you know

04:37

identified issue how do we contain it if

04:40

you have an issue

04:41

identified like I said many times what

04:44

you would have done historically would

04:45

have been you would have gone to start

04:48

researching from the vendor's

04:50

website from the vendor's website you

04:53

will start doing extra research on

04:56

Google on the best practices but now all

05:01

I need to do is find the dump of all the

05:03

issues and incident and I just run a

05:06

query I don't even need

05:08

to copy and paste it I'll just upload

05:11

the file into chat GPT and it would

05:15

analyze it for me crazy I'll show you

05:17

guys how to do that okay very very

05:19

simple it's one of the most

05:21

underutilized Tools in chat dut we think

05:25

it's mostly just to copy and paste St

05:27

and I mean write prompt data but now you

05:30

can analyze data that is the most

05:32

powerful crazy tool I've seen you can

05:34

analyze real data okay you see today all

05:37

right look at another one you know this

05:39

is just saying the

05:41

employee so we have here the employee

05:44

trading compliance you can see it shows

05:47

the employee ID completion rate which

05:49

score the time spent per model I kept it

05:53

small for the purpose of our exercise in

05:56

real life this report might be a, lines

06:00

because most big organization would have

06:02

many staff so if I have all of this

06:05

large information of all this staff I

06:07

could just ask CH GP to analyze and give

06:10

me you know information about each of

06:14

these specific report and tell me a

06:17

pattern tell me a trend it will do it

06:19

for us amazing amazing all right let me

06:21

show you another one then once I go

06:24

through I'm almost done with this then

06:25

we now get into you'll see the way I do

06:27

it really cool another thing you see is

06:29

the you know vendor risk assessment

06:32

report this is just an example here so

06:34

you can see this report I can say based

06:37

on this vendor assessment report can you

06:39

give me you know tell me the overall

06:41

risk posture and recommendation to

06:44

mitigate the risk so I can ask some

06:46

questions based on this report look at

06:49

the final one I believe mapping cyber

06:53

policy to Industry framework you know so

06:56

this is really getting into you know

06:59

know um

07:01

framework you know so you can see here

07:05

give me one second please all right

07:07

sorry about that okay so um so anyway

07:11

this is just showing how we can map

07:13

different things we can map

07:14

vulnerabilities here you can see here

07:16

you know this is a very nice one because

07:18

what's What's Happening Here is that you

07:20

can see a vulnerability and say okay

07:23

based on all this I think this is a very

07:24

big one actually I've seen this a lot

07:27

some organization would have all of this

07:29

vulnerabilities and the challenge is

07:32

okay what do I do about it man I don't

07:36

know if you've seen those reports before

07:37

and honestly I've seen those and at

07:39

times it will just make you have like a

07:40

brain freeze because what will happen is

07:42

that you just realize okay you have all

07:44

these drunk files um but you just don't

07:49

have okay what do I do about it but our

07:53

world has changed Char say okay don't

07:55

worry we got to come out there's

07:56

something you can do about it so that's

07:58

pretty awesome actually so but anyway so

08:00

you get the gist about that so the other

08:02

thing is you can look at incident

08:03

response report and just ask it to help

08:05

you to analyze stuff all right so now

08:07

your question is okay you've said you've

08:10

said all this fancy Big Talk how does it

08:12

apply to us so you'll see how it applies

08:14

to us now what I'm going to do is you

08:17

guys will see in real time the same

08:19

document we all have we're going to pull

08:22

this document let me share with you real

08:23

quick what we're going to do so I want

08:25

us to go to let's go to

08:30

all right let's all let me share my

08:33

screen so you all can see for those of

08:36

us that never use Str don't stress it

08:39

not a big deal so just come here you

08:41

know go to open Ai and but for you to

08:45

use the tool I want to use you have to

08:46

use the premium version the gp4

08:50

typically in our community I always

08:52

recommend we can actually for the

08:54

purpose of to play around it and Lear

08:56

the to I recommend at least play

09:01

around for like a month just pay $20 for

09:04

one month to kind of play around it I'll

09:07

recommend two months to just invest to

09:09

play around some of these tools honestly

09:10

it will be worthwhile so let me show you

09:12

one of the tools that I love a lot it's

09:14

called analysis so you just come here I

09:17

hope I'm sharing my screen all right so

09:20

under chat GPT make sure it's under chat

09:22

GPT this this is the chuty team there

09:25

are many tools out there we'll use this

09:27

tool called Data anal

09:30

can we all type it if we are seeing it

09:31

data analyst to data analyst can we type

09:35

it and just I want to make sure we get

09:37

it analyst can we all type that if you

09:40

don't mind please that's the tool I want

09:42

you to use data analyst

09:44

to data analyst yep that's the

09:48

tool all right now click on

09:52

it okay we just click on it so once you

09:56

click on it you see this file this

09:58

information here okay okay the file I

10:01

sent to you go pick it up once you pick

10:04

it up ladies and

10:05

gentlemen it has become a tool you can

10:09

analyze all right so for example I'll

10:13

just go pick it up and say you know in

10:16

that tool for example I just go and say

10:19

let's

10:20

say you could say um because the tool is

10:25

already let me quickly pick it up on so

10:28

make sure you put that information there

10:30

let me let me open it on my side also

10:33

all right so you know what let me share

10:35

my whole screen so that you all can have

10:36

access to this actually I'm going to

10:38

share my old screen so you can see what

10:40

I'm doing all right let's share

10:44

everything okay so what I want us to do

10:48

is go to

10:50

the this is our tool right and this is

10:53

our the document I shared with us so for

10:56

example let's start with the first one

10:58

I'm going to ask it to go

11:01

to it already has access to a document I

11:04

would just say for example analyze

11:07

security incident I'll just give you

11:09

this topic analy Securities incident

11:14

provide I'll just keep it simple all

11:16

right so I'm asking you to look at that

11:19

document analyze that section on

11:21

security incident and provide any known

11:24

pattern now look at what this thing is

11:26

doing for us is breaking it down and

11:28

saying okay there are two incident

11:31

involving inside threat there are

11:33

malware multiple so the beautiful thing

11:36

here is that this thing is summarizing

11:38

it for us and giving us some context

11:40

around it all I did was uploaded that

11:43

data now I can prompt it to do analysis

11:46

of that data so imagine me having a

11:48

comprehensive report and I'm asking you

11:50

to just go in and analyze the data

11:52

analyze the pattern check the context

11:55

around it and just give us some historic

11:59

information around it it's crazy stuff

12:02

what do you all think about that let me

12:03

pause first what do you all

12:05

think yeah Joseph said that's

12:07

mindblowing scary and crazy now that's

12:09

one okay that's one let's let's look at

12:12

another one of our other files you know

12:14

policy change yes it has highlighted

12:16

that one that one is easy for me let's

12:18

go to this security inent containment I

12:20

can ask you to look at the security

12:23

stent conment recommendation and give

12:27

me a pattern

12:29

you know I can ask you to identify any

12:32

pattern let's say uh okay I can

12:37

say you know I can ask it to give me a

12:41

pattern

12:42

review the I'm just saying give me the

12:45

pattern analyze it and give me the

12:47

pattern analyze you know and provide

12:49

some of the patterns and best ways to

12:51

mitigate the issues you can see it's

12:54

telling me okay high priority and

12:57

critical impact you know maor include

12:59

this that's the pattern best ways to

13:02

mitigate issues around the pattern so

13:05

it's giving me it's looking at the data

13:07

I provided and it's just analyzing that

13:09

data for us to give us the pattern

13:11

around it so I'm not even doing anything

13:14

besides saying okay you know look at

13:17

this data analyze the pattern tell me

13:19

what's going on just you know keep it

13:21

easy for me the same document is all I'm

13:25

using so let's look at another one

13:28

employee training and compliance review

13:30

I can ask this one to say provide the

13:33

you

13:34

know I can ask you to tell me based on

13:37

this tell me a recommended way to

13:41

increase completion rate okay I can take

13:44

this and say

13:46

okay review and suggest best ways to

13:53

increase ratees based on the data I said

13:57

based on the data provided give me some

13:59

best ways to increase compliance

14:02

rate you know based on the same data

14:04

provided all

14:06

right so it's giv some ideas on things

14:09

we can do based on that same data you

14:13

know it's picking it from that same

14:15

source of materials we have right which

14:19

I think is just

14:21

amazing you know let's look at

14:23

another data point here all right I want

14:26

us the last two put some context around

14:29

vendor risk assessment report and uh

14:32

mapping cyber security mapping

14:34

vulnerability and just you know let's

14:36

see what you guys can come up with so

14:38

I'll make you work as a team just work

14:41

in a team and say okay based on this

14:43

information what do you think you know

14:45

what what are the ways we can prom that

14:47

same data or document to come up with

14:51

some of the analysis for us okay does

14:53

that make sense okay somebody say if I

14:55

upload companies document for chat GPT

14:58

so before we even get into that remember

15:01

what I said earlier on every company

15:03

right now they are working on their own

15:05

lar learning model so in a bit a lot of

15:09

company would actually have access to

15:11

their own version of llm as a matter of

15:14

fact in case you don't know you can

15:16

actually download some of those llm on

15:18

your local drive too yourself and you

15:21

can

15:22

actually use it yourself you as a person

15:25

they large maybe 16 GB or so you can

15:28

actually start using those llm yourself

15:30

but most companies today of course the

15:33

issue is they thinking of the strategy

15:36

around compliance the liability

15:38

everybody's working on something

15:40

guaranteed right now so it will come for

15:44

you you might have to use it on your

15:46

phone to text and just write it out

15:48

manually right for now but I'm just

15:50

saying it will happen um while that

15:53

process is already shaping up it's time

15:56

to start thinking about how to be

15:58

efficient in using this tools I know for

16:00

most of the Consulting guys everybody's

16:02

already using this right they won call

16:04

it CH GP they call it their own internal

16:07

name even though they're using those

16:08

model you know gp4 GPT 3.5 gp5 propos

16:12

soon so they using those model at their

16:15

back end um but they have mechanism and

16:18

controls to make sure there's no buyers

16:20

and there is Safety and Security around

16:22

those large learning model so um I won't

16:26

worry too much about that I'm more

16:29

worried around you know um making sure

16:33

we can understand how to use it ourself

16:36

that's the first thing okay all right

16:39

cool so let's play with it you know and

16:41

remember again the more you pract don't

16:42

ever shy from it just prompt it play

16:45

around it okay that's what I would

16:46

suggest we do so that you get more

16:48

comfortable with it so let's do that for

16:49

the next 10 minutes then we'll come back

16:51

okay um I want to make sure you do it

16:53

make sure you play around it just and

16:55

others some of us are more savy than

16:57

others just take ownership just show

16:59

other people how the best way they

17:01

you've seen it used and let's have fun

17:03

with it for the next 10 minutes then

17:04

we'll come back and wrap it up okay all

17:06

right let's do that for the next 10

17:07

minutes let's do a breakout section and

17:10

I'll see you all in a

17:13

bit let's let me do something okay sorry

17:16

sorry okay I noticed most of us did not

17:18

have access to the paid version can you

17:20

all hear me now am I good I think I

17:23

should be good now okay so yeah okay

17:26

thank you thank you so I'm sorry my

17:27

apologies I I realized most people do

17:28

not have access to the paid version and

17:30

that's the one that will give you the

17:33

ability to analyze actual data Excel

17:37

PowerPoint you know if live happens and

17:41

you have to analyze data just subscribe

17:43

it makes sense okay now we can still use

17:46

it the old fashion chat

17:48

GPT you know somebody say we're able to

17:51

figure out work around yes you know we

17:53

can do a work around copying it manually

17:55

you know so yes so I get it but at least

17:59

the key thing I think is important I

18:01

wanted to make sure we call that out

18:04

is you know the ability is there if you

18:08

need to all right so that's the key

18:10

thing oh somebody said copil can do it

18:12

Bingo that's even awesome you know I

18:14

didn't even know copilot Cod I've used

18:16

copilot but I never used it for anything

18:18

like that okay and we have three more

18:20

minutes and the only thing I would like

18:22

to just showcase a lot of you have

18:23

pinged me 101 and asked me a lot about

18:26

the upcoming GRC CL

18:29

yes registration is still on so when you

18:31

go to ski.com site typically most of you

18:34

come here you go to view all courses

18:36

this is The Internship if you've not

18:38

registered for an internship make sure

18:39

you register because that's the only way

18:41

you can have access to all this ton of

18:42

materials we keep everything there so

18:44

make sure you register so you can have

18:46

access to it very important then this is

18:48

the March second class A lot of you have

18:50

asked me about and you know the people

18:53

ask me is there payment plan yes we can

18:55

select the payment options here for some

18:57

of us you could also go in you have the

19:00

option of using clammer or using air so

19:04

the options are also there so those are

19:06

the popular questions people have asked

19:07

me it's a five weeks program uh this

19:11

week I believe Wednesday we would have

19:13

information session feel free to join

19:16

some of our recent alumni that just got

19:17

a job would be there also I challenge

19:20

you attend our Lions Den section you'll

19:24

see how we prepare our folks for

19:26

interviews if you've never seen it just

19:28

go to our portal you'll see all of those

19:31

information there also it's always there

19:34

so let me see if anyone ask questions

19:35

about the upcoming program I can answer

19:38

that for the next 3 minutes before we

19:39

wrap it up but I think those are the key

19:42

things most of you have asked me the

19:44

content are there online everything is

19:46

there all right so we are very

19:47

transparent nobody anyone that

19:49

guarantees you is just saying nonsense

19:51

really we don't guarantee anybody

19:52

anything you have to put the work

19:54

there's no shortcut I wish I could tell

19:56

you anything is Magic nothing like we

19:58

don't play that game here we'll be

19:59

honest and straight with our guys you

20:00

got to put the work you got to put the

20:02

time the discipline but one thing I know

20:04

is this you hold us accountable and make

20:06

sure that we teach you relevant things

20:08

we do the same thing you know if you

20:10

don't put the work if you like go to Har

20:12

y if you don't put work you it's it's a

20:15

joke right it's not going to happen so

20:17

that's fantasy so we don't play games

20:19

there if you don't put the work you will

20:20

not get anything it will never happen

20:23

but if you put the work put the

20:24

discipline put the time then we stand

20:27

the chance together that's the way it

20:28

works you know but it's an illusion

20:31

anyone anyone that have said it to you

20:33

all you can you know listen to such

20:37

information but mostly they are false

20:39

nobody nobody can guarantee you anything

20:42

all right let's see any other

20:44

question okay good good good good I mean

20:47

and that's the goal in our community we

20:48

just keep empowering our folks just put

20:50

the work for us you know we don't play

20:53

games here we believe in excellence

20:55

quality

20:56

discipline take take pride in your work

21:00

don't find shortcut you know it will

21:02

show people who know and it will

21:05

backfire you know and there are many

21:06

environment that likes mediocrity this

21:09

is just not one of them yeah really we

21:10

don't play that game here we are

21:12

strictly focused on Excellence quality

21:15

we want our folks to be the best in the

21:17

world and we know what it takes you got

21:19

to put time discipline you know um if

21:23

you don't want to put that then they

21:25

just they just playing games and it's PR

21:28

predictable it would not work for you

21:29

even when it works you will lose the job

21:31

you'll be fired most likely because you

21:33

don't put discipline and pride in your

21:35

work but if you put discipline and pride

21:37

in your work you stand a good chance I

21:39

mean you know so yeah it's it's an

21:43

Excellence platform that's what we do

21:45

here we put our best consistently we put

21:48

the work and another thing people have

21:50

asked me let me just be straight with

21:52

you somebody will ask me do you do

21:54

interview for people we don't do that

21:56

game yet please don't even ask me those

21:57

kind of questions if you do I'll

21:59

respectfully just I'll just bounce off

22:02

your bounce the person off my phone you

22:05

know we don't we this not this is not a

22:07

place for stuff like that do you will

22:08

you help me to do your why would you

22:10

even ask that really makes no sense

22:12

really we believe so much in our team

22:14

Your Capacity we believe so much in you

22:16

being able to be leaders in your field

22:20

so and you now come and diminish

22:22

Yourself by telling me stuff don't do

22:24

that please you are more than capable

22:26

and competent so be dis man you know put

22:29

work you get the result I know that you

22:31

know but you saying oh somebody ask me

22:34

do you help people do exam come on guys

22:36

what do you think we are we don't do

22:37

that we don't do we don't do stuff like

22:39

that here don't even ask me stuff like

22:41

that or I'll just cut it up immediately

22:43

so you know put the work put Excellence

22:46

take pride in your work put discipline

22:48

be committed and uh you know what you

22:51

not want your kids to do don't do it

22:54

just put the work

22:55

man all right let's see anyone else for

22:58

the GRC program typically I Le the

23:00

program here now for we have a cyber

23:03

comp coming up we have like three

23:06

different strategic relationship you

23:08

guys will hear about in a few weeks so

23:10

you'll see a lot of other people you

23:13

know you'll work with a lot but for the

23:15

JC I I train and Mentor the JC

23:18

program okay that's all we got thank you

23:21

all and just keep doing great things

23:23

keep showing up um for my folks already

23:24

registered just keep doing great things

23:27

uh they

23:28

you know we have a limit for the March

23:31

second class so just keep registering so

23:33

you don't get caught up for the because

23:34

the next one will be probably two months

23:36

after all right God bless enjoy the

23:38

weekend take time off and enjoy family

23:40

God bless

23:42

bye-bye