Class 15

Cybersecurity and Generative AI, with guest

Thursday, November 14, 2024

Class Overview

We will examine a use case for Generative AI in the cybersecurity space. The interactive workshop will be led by UW Foster alumnus Sam Bradley and his partners.

Why is this important?
Understanding the impact of AI on cybersecurity is crucial for modern auditors. Cybersecurity compliance has become a cornerstone of organizational integrity, especially for companies engaging with government or large corporate contracts that mandate strict cybersecurity standards. Meeting compliance requirements isn’t just about protecting internal assets; it’s essential for maintaining business continuity, safeguarding reputation, and qualifying for key contracts. The National Institute of Standards and Technology (NIST) frameworks provide a standardized approach to cybersecurity, offering guidelines that help organizations assess and improve their security posture. These frameworks, including NIST’s Cybersecurity Framework (CSF) and Special Publications (such as NIST 800-53 and 800-171), establish best practices for identifying, protecting, detecting, responding to, and recovering from cyber incidents. In this class, students will explore the critical role of NIST frameworks in compliance testing, focusing on how aligning with these standards mitigates security risks and fulfills contractual obligations. Understanding and implementing NIST-aligned controls is increasingly essential, as many contracts now require strict adherence to these frameworks as part of vendor and partner selection. This knowledge empowers students to evaluate compliance status, address gaps, and contribute to a more resilient cybersecurity posture—skills that are crucial as organizations face complex and evolving cyber threats in highly regulated industries.

Class Materials and Details

Materials:

Case: Overview of Classroom Activity.
Case: AeroSync Data.
Case: LuminoGen Data.
Case: MediVault Data.
Case: TerraBloom Solutions Data.
Case: Download the team assignments to each company and links to the Google Sheet here.
Slides: will be available for download by the beginning of class in either PowerPoint or PDF format.
Data: A data update may be required for this class. To ensure your files are the most up-to-date, navigate to the ACCTG521_Labs folder and run the command git pull.
Analytics Tools: GPT-Assisted Cybersecurity Software

Review and Extension:
We transition from risk analytics to cutting-edge topics like AI, which are reshaping the audit field. In this class, we will consider how Generative AI could impact compliance and control testing, especially since much of that testing relies even more heavily on text-based compliance testing than on the numerical data control testing we have covered in previous classes.

Preparation:
  1. This class is self-contained with our guests, who have founded a Gen-AI-based startup in the area of cybersecurity; there is no required preparation.
  2. You are welcome to read the Overview of the Classroom Activity in advance; however, there is plenty of time for you to read this short document in class at the beginning of the activity.
  3. Please remember to display your name tents when we have visitors.

Class Plan:
Teams: during this class, please sit in your assessment teams.
  1. Our guests will give a brief overview of the GPT-assisted space they are working in and some background material.
  2. In assessment teams, students will be assigned to one of four cases based on the fictitious companies, AeroSync, LuminoGen, MediVault, or TerraBloom (3 assessment teams per company).
  3. The remainder of the class will be similar to the blockchain exercise, in this case with manual testing for cybersecurity control gaps and an automated approach using Custom GPTs.
  4. There is no need to use the remote labs in today's class.
  5. At the end of class, there will be time for short presentations of the findings and takeaways for each company.