AI340: Efficient Security and Compliance with AI-based RAG Systems

Agenda:

• Introduction and Fundamentals
  • Term definitions and concepts

• RAG System Architecture
  • Architecture and components
  • Vector databases and embeddings
  • Introduction to LangChain
  • Prompt engineering and templates
  • Alternative frameworks (e.g. LlamaIndex)

• Implementation using ISMS example
  • User intents and interaction design
  • Integration of security policies and regulations (e.g. NIS2, CRA, DORA)
  • Chatbot integration in ISMS

• Hands-on exercise: Prototype development
  • Chatbot customization for specific ISMS processes
  • Advanced features: Threat modeling and risk analysis

• Complementary Technologies
  • KAG – Knowledge-Augmented Generation
  • Agent architectures (e.g. LangGraph, CrewAI)
  • Multimodal systems
  • Knowledge validation & trustworthiness
  • Domain-specific fine-tuning and embedding optimization

• Closing discussion: Challenges and solution approaches

Objectives:

The training AI340 Efficient Security and Compliance with AI-based RAG Systems teaches how to develop an intelligent chatbot that automatically reviews complex and specialized data sources, supports employees in real-time and can be seamlessly integrated into management systems. Participants learn to utilize modern AI technologies such as OpenAI, LlamaIndex and vector databases to efficiently map standards, laws and other extensive source materials in an interactive knowledge database. Application examples from the information security domain serve as illustrations of which tasks a RAG system can perform:

• Consulting for audits and preparation for certifications
• Assistance in creation, maintenance and compliance with security policies and risk analyses
• Interactive training and support of new employees in the ISMS domain

RAG-supported systems can be meaningfully deployed in numerous additional domains:

• Legal & Compliance
  • Internal compliance assistants with access to legal guidelines, procedural specifications and internal policies
  • Rapid response to frequently recurring legal issues
  • Support for contract review and risk assessment of legal documents

• Healthcare
  • Legally compliant decision support for medical personnel in clinical daily operations
  • Direct access to medical guidelines, hygiene requirements or coding standards
  • Support of data protection officers in implementing regulatory requirements (e.g. GDPR, KHZG)

• Industry 4.0 & Quality Management
  • Assistance systems for production and quality assurance teams in real-time
  • Access to technical documentation, audit checklists or procedural instructions
  • Documentation and validation of standard compliance according to ISO 9001, ISO 13485 or comparable standards

• Corporate Internal Policies & Operating Agreements
  • Uniform interpretation and enforcement of internal regulations and operating agreements
  • Automated response to frequently asked questions on topics such as home office, IT usage, travel policies
  • Support of HR department in regulation-compliant communication and employee consulting

Target audience:

The course is targeted at those who will implement AI-based assistance systems to support complex rule sets.

• IT Security Officers
• IT Security Experts
• (AI) Developers
• Software Architects
• Subject Matter Experts (with technical background)

Prerequisites:

To be able to follow the content and learning pace of the course AI340 Efficient Security and Compliance with AI-based RAG Systems effectively, we recommend the following prerequisites:

• AI020 AI & Data Science Practitioner (alternatively basic knowledge in Python and a fundamental understanding of LLMs)
• Basic knowledge in IT security

Description:

The course AI340 Efficient Security and Compliance with AI-based RAG Systems is structured into two core areas:

Building a generic AI-based RAG system: In the first part of the training you will receive a comprehensive introduction to the architecture of modern RAG systems (Retrieval-Augmented Generation) and learn hands-on how key components such as Large Language Models, LangChain and vector databases can be combined into a high-performance question-answering system. You will build such a system locally independently and learn to flexibly adapt it to different data sources. In doing so, you will deepen your understanding of how RAG systems specifically retrieve information from vector databases and link it with large language models to consistent and contextually relevant responses.

Domain-specific application scenarios of RAG systems: In the second part of the workshop, concrete application fields are the focus, in which Retrieval-Augmented Generation (RAG) can significantly contribute to efficiency improvement, risk minimization and compliant decision-making. Using the example of information security and ISMS, we demonstrate how AI-based systems support the comprehensible preparation and demand-oriented provision of complex regulatory frameworks such as ISO 27001, DORA, NIS2 or CRA.

Upon completion of the course, you will be able to develop and deploy a customized chatbot that ensures compliance with legal requirements and makes your processes more efficient.