《AI 组织责任：治理、风险管理、合规与文化方面》

© 2025 云安全联盟大中华区版权所有1© 2025 云安全联盟大中华区版权所有2AI 组织责任工作组的永久官方地址是https://cloudsecurityalliance.org/research/working-groups/ai-organizational-sponsibility©2025 云安全联盟大中华区 —— 保留所有权利。你可以在你的电脑上下载、储存、展示、查看及打印，或者访问云安全联盟大中华区官网(https://www.c-csa.cn)。须遵守以下:(a)本文只可作个人、信息获取、非商业用途;(b)本文内容不得篡改;(c)本文不得转发;(d)该商标、版权或其他声明不得删除。在遵循中华人民共和国著作权法相关条款情况下合理使用本文内容，使用时请注明引用于云安全联盟大中华区。© 2025 云安全联盟大中华区版权所有3© 2025 云安全联盟大中华区版权所有4目 录引言.....................................................................................................................................6所有责任的六个跨领域关注点.................................................................................6假设.....................................................................................................................................7目标受众.............................................................................................................................7责任角色定义.....................................................................................................................8管理和策略.................................................................................................................8治理、风险与合规.....................................................................................................9技术与安全.................................................................................................................9运营与开发...............................................................................................................10规范性引用.......................................................................................................................11术语表...............................................................................................................................121. 风险管理.......................................................................................................................121.1 威胁建模.............................................................................................................121.2 风险评估.............................................................................................................141.3 攻击模拟.............................................................................................................191.4 事件响应计划.....................................................................................................231.5 运营弹性.............................................................................................................271.6 审计日志与活动监控.........................................................................................341.7 风险缓解.............................................................................................................381.8 数据漂移监控.....................................................................................................412. 治理与合规...................................................................................................................452.1 AI 安全政策、流程和程序.............................................................