terminology

robvanderveer · web-flow · commit 08733c5d9306 · 2026-02-16T11:59:57.000+01:00
diff --git a/content/ai_exchange/content/docs/1_general_controls.md b/content/ai_exchange/content/docs/1_general_controls.md
@@ -141,7 +141,7 @@ Monitoring and incident response are standard elements of security programs and
 **References**  
 Useful standards include:
 
-  - The entire ISO 27000-27005 range is applicable to AI systems in the general sense as they are IT systems. Gap: covers this control fully regarding the processes, with the high-level particularity that there are three AI-specific attack surfaces that need to be taken into account in information security management: 1)AI development-time attacks, 2)attacks through model use and 3)AI Application security attacks. See the controls under the corresponding sections to see more particularities.
+  - The entire ISO 27000-27005 range is applicable to AI systems in the general sense as they are IT systems. Gap: covers this control fully regarding the processes, with the high-level particularity that there are three AI-specific attack surfaces that need to be taken into account in information security management: 1)AI development-time attacks including supply chain, 2)Input attacks, and 3)Runtime conventional security attacks. See the controls under the corresponding sections to see more particularities.
     These standards cover:
 
     - ISO/IEC 27000 – Information security management systems – Overview and vocabulary
