The Office of Information Technology is tackling AI head-on and exploring all the ways AI can enrich the lives of students, employees, and faculty at Fordham University. As part of our commitment to emerging tech, IT staff are encouraged to pursue AI projects and explore new avenues.
Josephine Law, Senior IT Risk Management, is at the forefront of an AI-driven shift in IT risk management. Having a master’s degree in computer science and years of experience in IT, Josephine has applied her expertise in IT’s new AI Think Tank, which brings together leaders across IT to explore new technology frontiers.
As part of the AI Think Tank, Josephine develops tools to enhance IT security and manage vendor risk. Through projects that combine her expertise in IT security and machine learning, she is developing tools that simplify access to critical security information and improve vendor management. Two AI-driven applications she developed using AWS Business Q highlight her approach to addressing the complex compliance and security needs in today’s digital landscape. Check out her projects below!
Project One: The IT Security Policy Bot
One of Josephine’s projects is the IT Security Policy Bot. This AI-powered virtual assistant is designed as a potential one-stop resource. Instead of combing through dense documents or waiting for responses to email queries, users can interact with the bot in real time, asking specific questions and receiving instant guidance. The bot is packed with information on crucial IT security policies, procedures, and best practices, covering areas like:
- Data Classification Guidelines: Assisting users with understanding data types and proper handling practices, reducing risks of misclassification and misuse.
- Password Management: Offering recommendations on secure password creation, storage, and rotation, helping to uphold the organization’s password policies.
- Network Security: Providing protocols and advice to maintain secure access points, detect vulnerabilities, and prevent unauthorized access.
- Incident Response: Supplying guidance on steps to take during security incidents, from reporting to containment, ensuring users have instant support when needed most.
The bot’s conversational interface makes it intuitive, and the real-time responses empower users to make security-minded decisions. The bot helps foster a culture of security awareness across the organization by streamlining access to IT security information. It reduces dependency on Information Security and Assurance staff for routine inquiries and promotes a more self-sufficient approach to policy compliance.
Project Two: AI-Powered Vendor Contract Analysis for Due Diligence
While the IT Security Policy Bot addresses internal policy access, Josephine’s second project takes on the complexities of vendor contract analysis. Vendor relationships are a critical piece of the puzzle when it comes to ensuring the organization’s security, and this tool provides an AI-driven solution to streamline and improve the due diligence process. Here’s how the tool supports vendor management:
- Automated Analysis of Contract Terms: Accelerates contract review, identifies compliance issues, and reduces manual review time. The application scans and analyzes contracts for clauses covering data protection, compliance, and security obligations. Identifying potential issues or gaps in terms enables proactive risk management before agreements are finalized.
- Amendment Suggestions: Beyond analysis, the tool suggests specific amendments to bolster the contract’s terms. For example, if a data handling clause isn’t compliant with current standards, the tool will recommend language updates to better align the vendor’s obligations with institutional requirements.
- Risk and Compliance Assessment: Each contract is evaluated against risk factors, such as regulatory compliance (GDPR, FERPA) and security alignment. The tool flags potential non-compliance areas, helping the team make informed decisions about vendor relationships.
- Streamlined Documentation and Reporting: The application consolidates contract information, providing the team with a comprehensive overview of each vendor’s compliance status and risk level.
This application doesn’t just streamline the review process—it supports the organization in building more robust, more compliant vendor relationships. With these insights, the team can mitigate risks early, negotiate better terms, and protect sensitive information effectively.