• ✔ Best practices for Auditing AI systems
• ✔ Frameworks for AI Governance and Accountability
• ✔ Understanding AI Risk, Controls and Compliance requirements
• ✔ Regulatory readiness for Global AI standards
• ✔ Security assurance for Machine Learning and Automation
• ✔ Practical methodologies for AI Transparency and Oversight

• ✔ Chief Information Officers, CISOs and Technology Executives shaping digital trust strategies
• ✔ Internal and External Auditors responsible for assessing AI-driven controls
• ✔ Risk and Compliance Officers overseeing regulatory alignment
• ✔ Cybersecurity and IT Governance Professionals working with intelligent systems
• ✔ Data Protection Officers and Privacy Specialists ensuring ethical data use
• ✔ AI System Owners, Project Managers and Product Leaders implementing automated decision-making tools
• ✔ Legal, Policy and Ethics Advisors guiding responsible AI adoption
• ✔ Regulators and Public Sector Officials building oversight frameworks

• ✔ Stay ahead of emerging AI regulations and global compliance standards
• ✔ Gain Practical Auditing Tools to evaluate AI systems with confidence
• ✔ Strengthen your organization’s Security Posture in the age of automation
• ✔ Learn how to identify and mitigate AI-Driven Risks and Vulnerabilities
• ✔ Improve governance through Transparent and Accountable AI oversight
• ✔ Enhance your credibility as a Future-Ready Audit and Compliance Leader
• ✔ Understand the Ethics and Trust required for responsible AI operations
• ✔ Connect with peers and experts shaping the Future of Intelligent Systems Assurance

"If you can't audit it, you don't own it."

Day 1 – Governance, Compliance & Strategic Alignment

1. Introduction to AI Security & Risk Landscape

• • 1.1 Understanding the AI Ecosystem
• • Key components: data, models, algorithms, inference layers
• • Enterprise AI use cases and business applications
• • Stakeholder mapping: business, security, compliance, data teams

1.2 AI Security Risks & Threats

• • Conceptual overview: data poisoning, model inversion, prompt injection
• • Attack vectors across AI pipelines
• • Real-world incidents and lessons learned

1.3 Global Framework Overview

• • ISO/IEC 42001:2023 – AI Management System
• • NIST AI Risk Management Framework (RMF)
• • MITRE ATLAS, OECD AI Principles, EU AI Act highlights

1.4 The Need for AI Security Auditing

• • Limitations of traditional ISMS or VAPT approaches
• • Emerging assurance layers: explainability, fairness, governance
• • Business impact of insecure or non-compliant AI systems

2. Governance & Strategy Alignment

2.1 Establishing an AI Governance Model

• • Defining roles: Board, Risk Committee, CISO, DPO, AI Ethics Board
• • AI-specific RACI: ownership of model, data, audit
• • Creating a cross-functional “AI Trust Office”

2.2 Policy & Framework Integration

• • Aligning AI policies with ISMS and data governance frameworks
• • Developing AI Use Policy, Model Lifecycle Policy, Responsible AI Charter Risk acceptance and exception management

2.3 Risk-Based Approach to AI

• • Criticality assessment of AI systems (low/medium/high)
• • Mapping risks to business impact
• • Defining AI risk appetite and tolerance

2.4 Workshop

• • Map an enterprise AI use case to governance and risk domains

3. Regulatory & Legal Compliance

3.1 Global & Indian Regulatory Landscape

• • ISO 42001, NIST AI RMF, EU AI Act, OECD AI Principles
• • Indian DPDP Act 2023: data minimization, consent, accountability
• • Sectoral guidance: RBI, SEBI, MeitY

3.2 Data Protection & AI

• • Sensitive data handling in model training
• • Lawful basis for processing and automated decision-making
• • De-identification, pseudonymization, and anonymization

3.3 Accountability & Transparency

• • Explainability and audit obligations
• • Documentation, traceability, and responsible AI frameworks

3.4 Audit & Reporting Requirements

• • AI impact assessments
• • Records of processing and model governance logs
• • Role of AI assurance and third-party audits

3.5 Case Study Discussion

• • Non-compliance analysis: AI in credit scoring or hiring

4. Cybersecurity & Resilience in AI Systems

4.1 AI Threat Landscape

• • Adversarial inputs, data poisoning, model manipulation
• • Prompt injection vulnerabilities in LLMs
• • Risks from pre-trained and open-source models

4.2 Secure AI Design Principles

• • Security-by-design vs. ethics-by-design
• • Threat modeling for AI pipelines
• • Control families: data, model, interface, infrastructure

4.3 AI Incident Response

• • Identifying AI-specific incidents: model drift, bias exploitation
• • Integration with SIEM/SOC systems

4.4 AI Resilience & Recovery

• • Model versioning, rollback, backup strategies
• • Drift detection and retraining policies

Day 2 – Risk, Lifecycle & Audit Design

5. Data Lifecycle & Model Management

5.1 AI Data Governance

• • Data sourcing, curation, validation
• • Lineage tracking, labeling accuracy, bias mitigation

5.2 Model Lifecycle Management

• • Model registration, validation, deployment
• • Access control, configuration baseline
• • Versioning and rollback strategies

5.3 Monitoring & Maintenance

• • Detecting model drift, retraining triggers
• • Continuous monitoring: accuracy, bias, latency
• • Secure logging and traceability

5.4 Compliance Controls

• • Audit trails for datasets and models
• • Explainability reports and impact documentation
• • Alignment with DPDP/ISO controls

6. AI Audit Framework & Maturity Assessment

6.1 Designing an AI Security Audit Framework

• • Defining scope, objectives, and control domains
• • Governance, data, model, operations, ethics

6.2 Audit Planning & Execution

• • Building ISO 42001 audit checklist
• • Sampling, evidence collection, stakeholder interviews

6.3 Reporting & Assurance

• • Executive dashboards, heatmaps, assurance statements

6.4 Workshop

• • Develop AI audit plan for a BFSI use case

7. Ethics, Emerging Trends & Wrap-Up

7.1 AI Ethics & Responsible AI

• • Fairness, transparency, accountability
• • Human-in-the-loop obligations
• • Avoiding bias and discrimination

7.2 Emerging Trends

• • AI for cyber defense and autonomous security
• • Generative AI governance
• • AI watermarking, provenance tracking, red teaming

7.3 Enterprise Roadmap

• • Building internal AI assurance capabilities
• • Establishing an AI Security Charter
• • Future of AI audit certifications and skill development

7.4 Closing Discussion

• • Recap & key takeaways
• • Participant Q&A & action plan drafting

Sahil Pahwa - Co-founder & Virtual CISO - The Intect

Serve as Virtual CISO for enterprises across energy, BFSI, and technology sectors - Designed incident response playbooks for high-stakes 24x7 operational environments in the energy sector - Directed red team simulations to uncover attack paths against OT/ICS and IT environments - Guided leadership teams in meeting compliance mandates while enabling business growth - Built end-to-end cybersecurity governance programs, linking board priorities to ground-level defenses

Impact Highlights: ✔ Helped an oil & gas client strengthen resilience against ransomware by re-architecting their incident response and patching process ✔ Reduced risk exposure for a critical infrastructure provider by aligning OT/ICS security controls with ISO 27001 & NIST standards.

With over a decade of experience, I’ve helped organizations in oil & gas, energy, BFSI, and other critical sectors secure what matters most — operations, safety, and continuity. My work spans from boardroom advisory to red team operations, giving me a rare ability to translate threats into board-level risk and strategy. As Co-Founder & vCISO at The Intect (CERT-In empanelled), I advise enterprises on: - Defending critical infrastructure & OT/ICS environments from evolving adversaries - Building cyber resilience programs against ransomware, supply-chain threats, and nation-state tactics - Aligning cyber strategy with compliance mandates (ISO 27001, NIST, CSCRF, DPDP, CERT-In) - Creating security-aware cultures through training, phishing simulations, and tabletop exercises In short: I ensure that security fuels continuity instead of slowing it down.

---

Rahul Tyagi, Co-Founder, Safe Security - (Honorable Guest Training)

A global leader in cyber risk quantification and management that empowers enterprises to accurately measure and mitigate cyber risks in real time. With a vision to transform the way organizations approach cybersecurity, Rahul has played a pivotal role in building Safe Security’s platform into one of the most trusted solutions for risk-based decision-making, enabling Fortune 500 companies and governments worldwide to proactively strengthen their security posture. Recognized in Fortune’s 40 Under 40 list, he brings together a unique blend of deep technical expertise, product innovation, and business leadership. At Safe Security, Rahul drives product strategy, market growth, and global partnerships, ensuring the company stays ahead of emerging cyber threats in an evolving digital landscape.

Beyond Safe Security, Rahul is a Technical Advisor to the FAIR Institute, where he contributes to advancing industry-wide standards for cyber risk quantification. He is also a sought-after thought leader, regularly featured in leading publications and media, sharing insights on cybercrime, LinkedIn scams, deepfakes, and AI-driven threats. As a frequent keynote speaker at global conferences and security summits, he is known for translating complex technical issues into actionable strategies for business leaders and policymakers alike. Passionate about spreading cybersecurity awareness, Rahul continues to inspire organizations to move from reactive approaches to a culture of predictive, data-driven cyber resilience, making him a recognized voice in the global cybersecurity ecosystem.