{"id":3569,"date":"2024-05-15T09:00:00","date_gmt":"2024-05-15T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/3-tips-for-becoming-champion-of-your-organization-ai-committee"},"modified":"2024-05-15T09:00:00","modified_gmt":"2024-05-15T14:00:00","slug":"3-tips-for-becoming-the-champion-of-your-organizations-ai-committee","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/15\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee\/","title":{"rendered":"3 Tips for Becoming the Champion of Your Organization&#8217;s AI Committee"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt0ca078a65602fd53\/6644ba2f3fe48cf23a02d033\/AI%281800%29_marcos_alvarado_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">COMMENTARY<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">We are now deep in the age of&nbsp;artificial intelligence (AI). Much more than a passing trend, this transformative technology is set to fundamentally alter the way we do business. As organizations get a handle on how AI can benefit their specific offerings, and while they try to ascertain&nbsp;<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/responsibly-implementing-ai-unstoppable-force\" rel=\"noopener\">the risks&nbsp;inherent&nbsp;in AI adoption<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, many forward-thinking companies have already set up dedicated AI stakeholders within their organization to ensure they are well-prepared for this revolution. Chief information security officers (CISOs) are the heart of this committee, and those ultimately responsible for implementing its recommendations. Therefore, understanding its priorities, tasks, and potential challenges is pivotal for CISOs who want to be business enablers instead of obstructors.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Introducing: The AI Committee\">Introducing: The AI Committee<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">An AI committee, sometimes referred to as the AI governance&nbsp;committee, is a&nbsp;group within an enterprise, responsible for overseeing the safety, legal, and security implications of that organization&#8217;s AI use. Its main purpose is to ensure that AI technologies are developed, deployed, and used to boost business benefits like streamlined productivity, while making sure the organization considers the risks inherent in this use and takes active measures to safeguard the company&#8217;s assets, customers, brand, and reputation accordingly.&nbsp;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Who Sits on an AI Committee?&nbsp;\">Who Sits on an AI Committee?&nbsp;<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The AI committee ideally represents a diverse group of internal and external organizational stakeholders, including:&nbsp;<\/span><\/p>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"12\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Executive leadership:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;Representatives from senior management or executive leadership, such as the CEO, CIO, or CTO, who provide strategic direction and support for AI initiatives.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"10\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">General counsel:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;Legal counsel or compliance officers who advise on regulatory requirements, legal risks, and contractual obligations related to AI technologies.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.6324786324786\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"9.1196581196581\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Security leadership:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;Specialists in data privacy, cybersecurity, and information security who ensure that <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyber-risk\/building-ai-that-respects-our-privacy\" rel=\"noopener\">AI systems adhere to privacy regulations<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> and security best practices. (This blog post will mostly focus on the CISO persona.)&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"10\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Data&nbsp;scientists and AI engineers:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;Professionals with expertise in data science, machine learning, and AI technologies who are responsible for developing and implementing AI systems.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"10\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"15\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">External parties:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&nbsp;External consultants, academics, or industry experts who provide independent perspectives and expertise on AI governance best practices. Other external parties can include stakeholder representatives, such as customers, partners, and advocacy groups who can provide input from the &#8220;outside&#8221; perspective.&nbsp;<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"How the CISO Can Become the AI Committee Champion\">How the CISO Can Become the AI Committee Champion<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Here are three fundamentals CISOs can use as a guide to being the pivotal asset in the AI committee and ensuring its success.&nbsp;<\/span><\/p>\n<h3 class=\"ContentText ContentText_variant_h3 ContentText_align_left\" data-testid=\"content-text\" id=\"1. Begin with a comprehensive assessment.&nbsp;\">1. Begin with a comprehensive assessment.&nbsp;<\/h3>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The age-old saying in security applies to AI as well \u2014 you can&#8217;t protect what you don&#8217;t know. Before you get started in building a strategy for how to secure AI use across your organization, first understand who, what, and how AI has already been adopted. An AI gap analysis will allow you to first identify all shadow AI apps and models used across the organization (without your prior knowledge or approval), including public GenAI apps, third-party large language models (LLMs) and software-as-a-service (SaaS), and internally developed models. This inventory will also give you insight into usage patterns to understand what sort of <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyber-risk\/do-you-know-where-your-ai-models-are-tonight\" rel=\"noopener\">AI use<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> is organically popular for the employees, so you focus your future security efforts where they are needed most. By the way, note that these kinds of insights are invaluable for business stakeholders as well, so use them wisely. As the CISO, remember that you hold the most valuable information on the committee \u2014 GenAI usage data from across the organization, aka ROI. Armed with data, take the lead in setting up smart, secure, and realistic GenAI policies across the org.&nbsp;<\/span><\/p>\n<h3 class=\"ContentText ContentText_variant_h3 ContentText_align_left\" data-testid=\"content-text\" id=\"2. Implement a phased adoption approach.\">2. Implement a phased adoption approach.<\/h3>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">CISOs always struggle with balancing productivity and security. So, how can CISOs who want to enable positive business benefits keep their foot on the gas and the brake at the same time? Implementing a phased adoption approach allows for security to escort adoption and assess real-time security implications of adoption. With gradual adoption, CISOs can&nbsp;embrace&nbsp;parallel security controls and measure their success. For example, start with an Enterprise chat option without connecting your organization\u2019s data, or trial LLMs that don&#8217;t learn on your data. Assuming a successful phased rollout, CISOs can keep one foot on the gas and their hands on the steering wheel, rather than reaching for the hand brake.&nbsp;<\/span><\/p>\n<h3 class=\"ContentText ContentText_variant_h3 ContentText_align_left\" data-testid=\"content-text\" id=\"3. Be the YES!&nbsp;guy \u2014 but with guardrails.&nbsp;\">3. Be the YES!&nbsp;guy \u2014 but with guardrails.&nbsp;<\/h3>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Guardrails are a common security practice that enables security to engage&nbsp;controls for secure development, without slowing things down. How can CISOs adapt these same principles to the new GenAI frontier? The most common use case we see today is through contextual or prompt guardrails. LLMs have the capacity to generate text that may be harmful or&nbsp;illegal, or that violates internal company policies (or all three). To protect against such harmful threats, CISOs should set up content-based guardrails to define and then alert on prompts that are risky or malicious, or that violate compliance standards. Cutting-edge, AI-focused security solutions may also allow customers to set up and define their own unique parameters of safe prompts, and alert to and prevent prompts that fall outside of these guardrails.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Remember that while the legal department is usually responsible for crafting the organization&#8217;s safety and security policies, at the end of the day, the responsibility of enforcement falls on the CISO&#8217;s shoulders. Make sure legal is creating policy that can actually be monitored, or expect failure. Apply this principle across the board \u2014 do not approve policies that you don&#8217;t have a realistic way to enforce and measure.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The days of putting up fences to keep attackers out are long gone. CISOs and security practitioners&nbsp;are&nbsp;now considered part of the organizational executive leadership, and have both the responsibility and the opportunity to drive business success \u2014 not just security. Leveraging the AI committee to lead, not follow, is just another way CISOs can effectively change security reality for the better, ensuring their positive impact on the business. Armed with data, CISOs have a unique opportunity to lead employees, including IT, developers, and executives, on the best strategy to gain the benefits of GenAI, securely.&nbsp;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/3-tips-for-becoming-champion-of-your-organization-ai-committee\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>COMMENTARY We are now deep in the age of&nbsp;artificial intelligence<\/p>\n","protected":false},"author":12,"featured_media":3570,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=1814%2C1047&ssl=1",1814,1047,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=300%2C173&ssl=1",300,173,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=640%2C369&ssl=1",640,369,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=640%2C369&ssl=1",640,369,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=1536%2C887&ssl=1",1536,887,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=1814%2C1047&ssl=1",1814,1047,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=1024%2C591&ssl=1",1024,591,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/3-tips-for-becoming-the-champion-of-your-organizations-ai-committee.jpg?fit=1814%2C1047&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3569"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3569\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3570"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}