Dr. Mohamed Abdur Rahman

Chairman of Cybersecurity and Forensic Computing Department

University of Prince Mugrin

Dr. Mohammed Abdur Rahman is a full professor and currently the Head of the Department of Cyber Security and Forensic Computing, College of Computer and Cyber Sciences, University of Prince Muqrin, Madinah, KSA.

Speaker sessions

Next-Gen Cyber GRC Agents: Automating ISO 27001, NCA ECC, and AI Ethics Compliance using LLMs and Embedded RAG

Enterprise compliance with cybersecurity and AI governance standards has traditionally relied on static frameworks, manual audits, and document-heavy reporting. This approach is no longer scalable in the age of rapidly evolving threats and regulatory complexity. This session presents a transformative solution: Next-Gen Cyber GRC Agents — autonomous LLM-based systems powered by embedded RAG (Retrieval-Augmented Generation) that can interpret regulations, audit controls, and generate evidence-backed reports in real time.Drawing from live implementations aligned with ISO 27001:2022 (ISMS), NCA ECC, and SDAIA AI Ethics, we demonstrate how LLMs can automate internal audits, cross-reference policies against regulatory clauses, and dynamically track compliance gaps using organizational data stored in secure vector databases.Key features include:-Agentic role separation (e.g., Clause Interpreter, Policy Auditor, Evidence Assembler).-Document ingestion pipelines using enterprise knowledge bases.-Interactive dashboards for human-in-the-loop GRC governance.Support for multi-standard audits and continuous compliance tracking.The session will showcase how embedded RAG enhances traceability and reduces hallucination, and how generative AI can be both regulation-aware and operationally embedded. It also outlines architectural considerations to ensure explainability, reproducibility, and alignment with national compliance expectations.This talk is ideal for CISOs, compliance leads, auditors, and AI governance professionals looking to future-proof GRC operations.

14:20
Thu
04 Dec

Stage: Briefings 1

Sessions Type: Presentation

From Retrieval to Risk: Red Teaming and Securing the RAG-Enabled LLM Stack

Retrieval-Augmented Generation (RAG) is becoming the enterprise standard for deploying intelligent LLM-powered assistants, copilots, and bots — especially for sensitive tasks in finance, legal, healthcare, and national security. But as the adoption of RAG architectures explodes, so does the attack surface. This session explores how adversaries are already red-teaming the RAG stack, and what organizations must do to secure it.We introduce a structured attack taxonomy for RAG systems—covering prompt injection through vector stores, inference-time data poisoning, latent information leakage, and hallucination amplification via low-quality retrieval. Drawing from our security evaluations of real-world RAG deployments, we present offensive demonstrations of how manipulated document embeddings and malicious retrievers can compromise even fine-tuned LLMs.The session also walks through blue-team countermeasures: memory firewalls, query sanitizers, retriever-to-generator alignment scoring, and role-separated inference pipelines. Special focus is given to governance and audit mechanisms to meet AI compliance standards (e.g., ISO 42001, NIST AI RMF, and SDAIA Ethics).By the end of the talk, attendees will be equipped with a blueprint for red-teaming, defending, and continuously monitoring RAG-enabled LLM systems—transforming today’s AI copilots from black-box risk centers into secure enterprise knowledge systems.