Impact of Artificial Intelligence on Enterprise Information Security Management in the Context of ISO 27001 and 27002: A Tertiary Systematic Review and Comparative Analysis

Cybersecurity and Artificial Intelligence

Abstract

The use of Artificial Intelligence (AI) by enterprises has increased dramatically over the last decade and is estimated to accelerate further. This research aimed to identify what impact AI will have on enterprise information security and how to address it in the context of the widely used security standards ISO 27001 and 27002. A systematic literature review was conducted to find current AI security challenges and defences, guided by five AI security aspects: AI-enhanced cyber attacks, AI-enhanced cyber defences, attacks against AI systems, AI malfunctions, and AI human and societal impact. These were combined with the context of governance and regulations and with the additional dimensions of risk management and quantum computing. The challenges and defences found were then comparatively analysed against the ISO 27001/27002 controls. The results of this analysis confirmed that the existing ISO 27001 ISMS and security controls were not sufficient to address the emerging AI security challenges. To address this lack of adequate security controls, six new security controls and ten modified existing security controls were proposed.

Author information

Corresponding author

Correspondence to Hamid Jahankhani.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Kreutz, H., Jahankhani, H. (2024). Impact of Artificial Intelligence on Enterprise Information Security Management in the Context of ISO 27001 and 27002: A Tertiary Systematic Review and Comparative Analysis. In: Jahankhani, H., Bowen, G., Sharif, M.S., Hussien, O. (eds) Cybersecurity and Artificial Intelligence. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-52272-7_1

  • DOI: https://doi.org/10.1007/978-3-031-52272-7_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-52271-0

  • Online ISBN: 978-3-031-52272-7

  • eBook Packages: Computer Science (R0)
