# risk-assessment
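13 articles tagged "risk-assessment"
AI Incident Severity Scoring
Frameworks and methodologies for scoring the severity of AI security incidents, integrating NIST AI RMF, MITRE ATLAS, and traditional CVSS approaches.
AI-Specific Severity Scoring Framework
A severity scoring framework designed for AI security incidents: model integrity impact, data exposure scope, blast radius analysis, reversibility assessment, and composite scoring methodology.
Thinking from the Defender's Perspective
Mental models of the defensive mindset, risk assessment frameworks, defensive trade-offs, and why understanding the defender's perspective makes you a better red teamer.
AI Risk Assessment Methodology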
Structured methodologies for assessing AI system risks including quantitative, qualitative, and hybrid approaches.
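AI Compliance Tools Overview
An overview of tools, methodologies, and frameworks for maintaining AI compliance, including risk assessment, audit methodologies, and continuous compliance monitoring.
AI Risk Assessment Methodology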
Structured approaches to evaluating AI system risks including identification, scoring frameworks, treatment planning, and templates for conducting comprehensive AI risk assessments.
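Impact Categories
An overview of the real-world consequences of successful AI attacks, from misinformation and harmful content to financial fraud and regulatory violations.
Threat Modeling AI Infrastructure with STRIDE
A threat modeling methodology for AI/ML systems tailored to machine learning pipelines, using STRIDE, data flow diagrams, and attack trees.
AI Supply Chain Security Overview
A comprehensive overview of the AI/ML supply chain attack surface, covering model poisoning, data poisoning, dependency attacks, and a risk assessment framework aligned with OWASP LLM03:2025.
Building AI-Specific Threat Models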
Step-by-step walkthrough for creating threat models tailored to AI and LLM systems, covering asset identification, threat enumeration, attack tree construction, and risk prioritization.
Classifying AI Vulnerability Severity
Framework for consistently classifying the severity of AI and LLM vulnerabilities, with scoring criteria, impact assessment, and examples across common finding categories.
How to Scope an AI Red Team Engagement
Comprehensive walkthrough for scoping AI red team engagements from initial client contact through statement of work, covering target enumeration, risk-based prioritization, resource estimation, boundary definition, and legal considerations.
Threat Modeling for LLM-Powered Applications
Step-by-step walkthrough for conducting threat modeling sessions specifically tailored to LLM-powered applications, covering data flow analysis, trust boundary identification, AI-specific threat enumeration, risk assessment, and mitigation planning.