AI Risk Management: Strategies for CISOs in the Age of Innovation

CISOs need to be very aware of all the issues and risks related to their business and the entire corporate and personal ecosystems. With this awareness, they need to provide ongoing guidance and leadership in addressing these new opportunities and their risks. Many CISOs are including AI-based issues in their weekly staff meetings and giving initial guidance as well as updates to Executive Staff. For example, Chat GPT and other AI-based tools are lowering the bar for hackers to create very targeted phishing emails based on previous hack info combined with social media information that are fooling many end users. Staff members in Security, IT, Network and Development as well as Marketing and Sales are all using ChatGPT and that has to be shared and discussed during CISO-led meetings!

CISOs need to review and embrace the significant amount of good guidance that has recently been released. NIST just released the “AI Risk Management Framework” The AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.

We’ll discuss all the appropriate steps that CISOs can use: Framing the Risk, your Audience, AI Risks and Trustworthiness, Effectiveness of the Benefits, the Risk Management Core that describes “Govern, Map, Measure, and Manage” and describes the Risk Management Profiles.

Key Take Aways:

1. Awareness of current AI tools and the benefits and risks that are happening now
2. Some new ideas on how to leverage AI tools safely
3. How to ensure your team and company do not have incidents based on AI tool attacks and misuse.