Securing AI Using Zero Trust Principles
Provisional Chinese title: 使用零信任原則保障人工智慧安全
Green-Ortiz, Cindy; Zsiga, Zig; Schröer, Saskia
- Publisher: Cisco Press
- Publication date: 2026-04-26
- List price: $2,290
- Member price: 5% off, $2,175
- Language: English
- Pages: 704
- Binding: Quality Paper - also called trade paper
- ISBN: 0138363412
- ISBN-13: 9780138363413
Related categories:
AI Coding
Overseas special-order title (checked out separately)
Related topics
Product description
Securing AI Using Zero Trust Principles
Strategic Guidance for Defending AI Systems in a Rapidly Evolving Threat Landscape
Artificial intelligence is reshaping industries, driving innovation in critical sectors such as healthcare, finance, energy, and government. Yet, as organizations integrate AI into business operations, they inherit new risks, many of which conventional security models fail to address. Adversaries are weaponizing AI to automate reconnaissance, bypass defenses, and exploit vulnerable systems. The solution is not more trust, but less.
Zero Trust offers a foundational paradigm shift: no identity, device, system, or interaction is inherently trusted. Security must be continuously enforced, context-aware, and resilient by design. This book demonstrates how Zero Trust, when strategically applied to AI environments, enables organizations to secure data pipelines, mitigate emergent threats, and maintain control over evolving digital ecosystems.
Key insights include:
- AI Through a Security Lens: Demystifies machine learning, generative AI, and large language models with a focus on operational and business impact.
- Zero Trust Foundations: Provides a historical and architectural overview of Zero Trust, including Cisco's Five Zero Trust Categories.
- Security by Design for AI: Offers guidance on protecting AI development workflows, from data ingestion and model training to inference and deployment.
- Threat Mitigation Strategies: Addresses adversarial AI, data poisoning, shadow AI, and insider misuse through identity enforcement, segmentation, and telemetry.
- Strategic Execution: Maps Zero Trust principles to regulatory frameworks including NIST AI RMF, EU AI Act, DORA, and ISO 27001, and provides actionable templates for running successful Zero Trust Segmentation Workshops.
Who Should Read This Book:
- CISOs and security architects building AI-resilient architectures
- AI and data leaders embedding AI into enterprise infrastructure
- Risk, compliance, and governance professionals navigating regulatory change
- Technical teams seeking secure-by-design methodologies for AI initiatives
Why This Matters Now:
AI systems are expanding faster than most organizations can govern them. The risks, ranging from operational disruption to model corruption, require proactive, architectural defenses. This book bridges the gap between AI innovation and trusted enterprise security.
Securing AI Using Zero Trust Principles delivers the strategic playbook for building resilient, trustworthy, and standards-aligned AI systems that can withstand the threats of today and tomorrow.
About the authors
Cindy Green-Ortiz is a globally recognized cybersecurity strategist, principal architect, and trusted advisor to Fortune 100 enterprises and public sector leaders. With 40 years of experience in security and technology leadership, Cindy has guided complex organizations across industries--including financial services, healthcare, hospitality, military, energy, and manufacturing--in transforming their security posture and achieving sustainable business outcomes.
At Cisco, Cindy is a principal security architect, leading global Zero Trust initiatives. She co-led Cisco's AI program, Wintermute, and co-led the Post Quantum Resistant Cryptography Working Group. As a Cisco Press author, Cindy translates technical depth into practical frameworks that inspire engineers, architects, and executive leaders alike. Her ability to bridge cutting-edge technology with security management has made her a sought-after public speaker and educator.
Cindy has delivered impactful presentations and workshops at Cisco Live, Offensive Summit, Cisco Secure, ISC2, ISACA, and WiCyS, engaging audiences from the boardroom to the classroom. She is committed to mentoring the next generation of cybersecurity professionals and frequently collaborates with academic institutions to advance cybersecurity education, research, and policy.
Publications:
--Cisco Live Speaker: BRKXAR-2008: Navigating the Future of Cybersecurity: AI, Quantum-Resistant Cryptography, and Zero Trust (2025); BRKXAR-2008: Exploring the Paradigm Shift in Security: AI and Quantum Cryptography's Influence on Zero Trust (2025)
--Co-Author: Zero Trust Architecture (2023)
--Technical Editor: In Zero Trust We Trust (2024)
--Cisco Insider Advocate: "Ask Me Anything" (2023)
--Co-Author of a Cisco Whitepaper: "IPv6 Addressing Analysis for the US Army" (Clearance required, 2023)
--Cisco Live Speaker: "BRKXAR-2008 Zero Trust Segmentation" (2022-2024)
--DHS Whitepapers: "Going Dark: Impacts of Encryption" (2017); "Digital Blackmail (Ransomware) as an Emerging Tactic" (2016); Wang Laboratories, Chairman's Golden Circle
Zig Zsiga, CCDE 2016::32, CCIE #44883, CISSP, has been in the networking industry for 20 years. He is currently a principal architect supporting the Cisco CX U.S. public sector business and customers. Zig holds an active CCDE and two CCIE certifications, one in Routing and Switching and the second in Service Provider. He also holds a BS in computer science from Park University. He is a father, a husband, a United States Marine, a gamer, a nerd, a geek, and a big soccer fan. Zig loves all technology and can usually be found in the lab learning and teaching others. This is his second published book, and he is also the host of the Zigbits Network Design Podcast (ZNDP), where he interviews leading industry experts about network design. All of Zig's content is located at https://zigbits.tech.
Publications:
--Author: Cisco Certified Design Expert (CCDE 400-007) Official Cert Guide (2023)
--Cisco Insider Advocate: "Ask Me Anything" (2023)
--Cisco Live Speaker:
--BRKRST-2044: Enterprise Multi-Homed Internet Edge Architectures (2017-Present)
--LTRENT-2016: Learning IPv6 in the Enterprise for Fun and (Fake) Profit: A Hands-On Lab (2018-Present)
--TECCRT-3005: CCDE Techtorial (2019-Present)
--LTRCRT-3000: CCDE Practical Exam Practice Lab (2020-Present)
--LTRENT-2016: Learning VxLAN in the Enterprise for Fun and (Fake) Profit: A Hands-On Lab (2024-Present)
Saskia Laura Schröer holds a PhD with a specialization in Information Systems and an MSc focusing on data science. Saskia is certified in CCNP Enterprise and is a DevNet Associate, a WiCyS speaker, and a Cisco Live speaker. Saskia is a security consulting engineer in Cisco's EMEA Cybersecurity Centre of Excellence with almost 10 years of experience in consulting, IT audit, network engineering, and security. Her focus lies on the technical and organizational aspects of cybersecurity, across various sectors. In her PhD, supervised by Prof. Pavel Laskov, Saskia has developed a core expertise at the intersection of cybersecurity and artificial intelligence, which she is leveraging to drive innovation at Cisco.
Publications:
--Cisco Live Speaker: BRKXAR-1009: Exploring the Paradigm Shift in Security: AI and Post-Quantum's Influence on Zero Trust (2026)
--Schroer, S. L., Apruzzese, G., Human, S., Laskov, P., Anderson, H. S., Bernroider, E. W., & Wang, G. (2025, April). "SoK: On the Offensive Potential of AI." In 2025 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML) (pp. 247-280). IEEE.
--Schroer, S. L., Pajola, L., Castagnaro, A., Apruzzese, G., & Conti, M. (2025). "Exploiting AI for Attacks: On the Interplay Between Adversarial AI and Offensive AI." IEEE Intelligent Systems.
--Schroer, S. L., Canevascini, N., Pekaric, I., Widmer, P., & Laskov, P. (2025, June). "The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence." In 2025 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 79-89). IEEE.
--Schroer, S. L., Seideman, J. D., Luo, S., Apruzzese, G., Dietrich, S., & Laskov, P. (2025). "Using a Stack to Find an AI Needle: Topic Modeling for Cyber Threat Intelligence." Digital Threats: Research and Practice.
--Weinz, M., Schroer, S. L., & Apruzzese, G. (2024, September). "'Hey Google, Remind Me to Be Phished' Exploiting the Notifications of the Google (AI) Assistant on Android for Social Engineering Attacks." In 2024 APWG Symposium on Electronic Crime Research (eCrime) (pp. 109-122). IEEE.