augustogh/ENISA-AI-Cybersecurity-Matrix
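A cybersecurity threat matrix for AI systems based on the ENISA framework, providing a structured dataset that maps threats to the CIA triad and the ML lifecycle.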
# ENISA-AI-Cybersecurity-Matrix
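Cybersecurity threat analysis and matrix for Artificial Intelligence (AI) systems, based on the framework of ENISA (the European Union Agency for Cybersecurity). Includes mappings to the CIA triad, affected components, and the ML lifecycle.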
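## Repository Description
### Short Description
"Cybersecurity threat analysis and matrix for Artificial Intelligence (AI) systems, based on the framework of **ENISA** (the European Union Agency for Cybersecurity). Includes mappings to the CIA triad, affected components, and the ML lifecycle."
### README.md (English version)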
```
# 🛡️ Cybersecurity Threat Matrix for AI Systems (ENISA)
This repository contains the cybersecurity threat matrix for Artificial Intelligence (AI) systems, structured and rationalized based on the framework from the **European Union Agency for Cybersecurity (ENISA)**.
The objective is to provide a reference tool for **risk management** in Machine Learning (ML) projects, allowing users to identify, evaluate, and mitigate vulnerabilities throughout the AI lifecycle.
## 📊 Key Content
The main file is `Amenazas_IA_ENISA_racional.json`, which details each threat with the following metrics:
| Key Column | Description |
| :--- | :--- |
| `Threat Category` | General category to which the threat belongs (e.g., Unintentional Damage, Abuse). |
| `Threat` | Specific name of the threat (e.g., Data Poisoning, Data Quality Failure). |
| `Racional` | Spanish justification and context for the threat, often with references to standards. |
| **Confidentiality** | Impact on Confidentiality (CIA triad). |
| **Integrity** | Impact on Integrity (CIA triad). |
| **Availability** | Impact on Availability (CIA triad). |
| **Artefacts/Data/Models/Actors/Environment** | Component of the AI system affected. |
| **Lifecycle Phases (1 to 12)** | Indicates the phase of the ML project where the threat is relevant (e.g., Training, Deployment). |
## 🛠️ How to Use
This dataset can be utilized by:
1. **Machine Learning Engineers (MLOps):** To integrate security controls into the model training and deployment stages.
2. **Risk and Security Analysts:** To perform specific risk assessments for AI systems.
3. **Researchers:** As a foundation for studies on threat taxonomy in AI cybersecurity.
## 📄 License
This project is licensed under the **MIT License**. See the `LICENSE` file for more details.
```
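One way to query the matrix by lifecycle phase, CIA property and affected component, as an added example that is not part of the repository. It assumes the JSON file is a list of objects keyed by the column names above, with applicable cells marked `X` and phase columns named `Phase 1` to `Phase 12`; the two sample rows are constructed.

```python
import json
import re

CIA = ("Confidentiality", "Integrity", "Availability")
COMPONENTS = ("Artefacts", "Data", "Models", "Actors", "Environment")

# Constructed rows in an ASSUMED shape (not repository data): objects keyed by
# the README's column names, cells marked "X", phases keyed "Phase 1".."Phase 12".
SAMPLE = json.loads("""[
 {"Threat Category": "Abuse", "Threat": "Data Poisoning", "Racional": "(constructed)",
  "Confidentiality": "", "Integrity": "X", "Availability": "X",
  "Data": "X", "Models": "X", "Phase 3": "X", "Phase 6": "X"},
 {"Threat Category": "Unintentional Damage", "Threat": "Data Quality Failure",
  "Racional": "(constructed)", "Confidentiality": "", "Integrity": "X",
  "Availability": "", "Data": "X", "Phase 3": "X", "Phase 4": "X"}
]""")

def is_marked(cell):
    """A cell counts as set unless it is empty or an explicit negative."""
    return str(cell).strip().lower() not in ("", "-", "0", "no", "false", "none")

def normalize(row):
    """Collapse one wide matrix row into sets that are easy to query."""
    phases = set()
    for key, cell in row.items():
        m = re.fullmatch(r"(?:Phase\s*)?(\d{1,2})", key.strip())
        if m and 1 <= int(m.group(1)) <= 12 and is_marked(cell):
            phases.add(int(m.group(1)))
    return {"threat": row["Threat"], "category": row["Threat Category"],
            "cia": {p for p in CIA if is_marked(row.get(p, ""))},
            "components": {c for c in COMPONENTS if is_marked(row.get(c, ""))},
            "phases": phases}

def select(rows, phase=None, prop=None, component=None):
    """Names of threats that match every filter that was supplied."""
    return [t["threat"] for t in map(normalize, rows)
            if (phase is None or phase in t["phases"])
            and (prop is None or prop in t["cia"])
            and (component is None or component in t["components"])]

def phase_checklist(rows):
    """Map each lifecycle phase number to (threat, CIA impacts) pairs."""
    out = {}
    for t in map(normalize, rows):
        for p in sorted(t["phases"]):
            out.setdefault(p, []).append((t["threat"], sorted(t["cia"])))
    return out
```

To run it against the real file, replace `SAMPLE` with `json.load(open("Amenazas_IA_ENISA_racional.json", encoding="utf-8"))` and adjust the marker and phase-key assumptions to match the file.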