Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

CISO viewpoint part 1: AI’s impact on people, policies & processes

AI adoption is moving swiftly through enterprises in 2024, transforming how employees work and how business gets done across industries. Enterprise CTOs and CISOs understand the need to integrate AI technologies to streamline operations, speed up decision-making, and increase productivity. At the same time, they realize that AI has an impact on people, policies, and processes within their organizations. They want to create the right ethical standards, protect intellectual property, and ensure employees’ (and the company’s) well-being. Finding the right balance is at the top of the list of challenges for C-suite leaders this year.

Managing generative AI in the workplace

Eight months ago, Pat Brans wrote an article on CIO.com titled ‘CIOs still grapple with what gen AI can do for the enterprise.’ Pat found that some company leaders were uncertain about how to move ahead with generative AI practices. Should enterprises work with third-party vendors or build in-house models? And if they build, is the in-house AI expertise sufficient to run the models? Much has changed in the months since then.

Since ChatGPT, Copilot, Gemini, and other LLMs launched, CISOs have had to introduce (or update) measures regarding employee AI usage and data security and privacy, while enhancing policies and processes for their organizations. In many cases, these changes have gone above and beyond what already existed for the organization.

To better understand what’s happening with AI usage in enterprises and its impact on people, policies, and processes, I conducted an informal poll in June with several CISO and CTO peers. What I learned will hopefully shed some light and help support or validate your organizational efforts regarding AI. [NOTE: In next month’s column, I’ll highlight how AI is changing the ways that enterprise technologies are being selected and used.]

People, policies & processes

When I asked a CISO if his organization had made any people, policy, and process changes as a result of AI use in his company, he replied, “Yes, we made several changes at the governance level to set expectations, rules of the road, monitoring, and reporting. We felt it was important to set and enforce standard patterns, models, and usage.”

That insight was comparable to other responses I received. Setting up guidelines and governing principles seems to be a common step for managing AI use in large enterprises.

A CISO for a national healthcare enterprise said their organization had drafted policies and procedures for LLMs and their data use. Currently, the team is working to quickly review security and privacy issues, particularly as regulations evolve. The changes “are being implemented and communicated in real-time knowing that we will need to be nimble to move, or change month to month, as the regulations are pushed out and other compliance and security requirements become best practice.”

The CISO of a large online consumer brand informed me of similar moves. This CISO’s team has created a new policy around the use of AI and tied it to the company’s acceptable use policy. The CISO remarked, “We really want people to think about how they’re planning to use AI. In some cases, we will perform a risk assessment and a privacy impact assessment (PIA) if sensitive information is being used.”

Another CISO shared that their organization had made changes to enforce AI measures within their CSP control fabric, including logging, monitoring, and reporting to the key leadership overseeing and governing the deployment and usage. This was critical for the organization to protect data (IP, confidential information, client data, etc.) and understand usage and demand for the business functions and segments.

All of the executives I spoke to noted the importance of communicating these shifts throughout the organization. A CISO in the healthcare industry shared that their team has made recent policy changes. These changes were delegated by a central committee responsible for AI use evaluation and approval. The CISO added that internal communications moved through standard clinical communications channels to be transparent regarding the changes and to de-escalate concerns regarding new AI applications.

Advisory committees

Another important area several CISOs called out regarding AI use within enterprises is the need to create clear guidelines, well-thought-out rules, and ethical principles for AI development and use. As a result, AI advisory boards are popping up everywhere. One recent example is that AI company C3 has hired former U.S. Speaker of the House Kevin McCarthy to its advisory board to help guide its efforts through the labyrinthian levels of the U.S. government and those of allied countries.

Government bodies are also moving in similar directions to clarify ethical AI use. The U.S. government has its own National AI Advisory Committee. Other organizations have been launched to provide AI guidance, including Northeastern University’s Institute for Experiential AI, and the Center for Artificial Intelligence, a think tank launched by the Future of Privacy Forum.

A CISO and Chief Data Officer of a financial services firm shared that they had created an AI steering team of senior executives (legal, tech, others) to approve AI use, especially if it poses ‘unacceptable risk and unlimited exposure of intellectual property’ for any of the firm’s work. Having such a central governing committee can also help respond to any cybersecurity incidents among its employees and vendors.

The CISO AI mindset: words of advice

Most of the CISOs and CTOs noted how they are dedicating time and resources to stay on top of AI’s growth within their organization. Advice ranged from a simple directive like “sweat the details” to more cautious bullets around AI integration with employees. To wit:

“For your company and industry, find ways to allow LLMs to help you. Get educated on the business impact of hallucinations, bias, and all the unintended yet expected defects that could represent a risk to reputation, brand, privacy, regulations, and operations. Start paying careful attention to these areas listed and continue to search for the business value vs. the risk appetite.” Another more cautious bit of advice was, “Emerging technologies that create business value may also introduce threats and weaknesses. Be aware that these threats will likely require new investments in controls and resiliency.”

A CISO who shared their forward-thinking and optimistic viewpoint advocates that enterprises “Embrace the innovation and use of AI, and create a safe place for people to experiment, like a sandbox within your trusted enterprise or cloud service. I’ve heard of too many CISOs that are blocking AI use in the enterprise. This will only create a stigma that forces people who are curious or want to use AI to make their lives better or more efficient to go outside the enterprise. You’ll be much happier with the use cases and innovation you can learn from your users. Lay out some guardrails for people so they innovate, and you can be the hero!”

I couldn’t have said it any better myself!

In part 2, I’ll focus on how enterprises are handling existing technologies that are being impacted by AI, the new use of AI technologies, and how those elements of change are impacting the enterprise. Until next time…


Category: News
July 26, 2024