Guidance on GenAI intelligence risk: ISACA


Thursday, 21 September, 2023
Guidance on GenAI intelligence risk: ISACA

A new white paper from ­­­ISACA examines the benefits and risks associated with generative AI use, including recommended protocols and practices for AI security.

The Promise and Peril of the AI Revolution: Managing Risk explores the rapidly evolving risk landscape and the steps that risk professionals should take to keep up.

While excitement around generative artificial intelligence applications like OpenAI’s ChatGPT and Google’s Bard has grown, so have the notes of caution from many in the industry, who point to a range of potential problems.

The paper examines several different types of potential risk that enterprises could face with generative AI, including invalid ownership, weak internal permission structures, data integrity and cybersecurity and resiliency impact, not to mention larger societal risk.

As AI will likely affect businesses in every industry, organisations must take four important steps to maximise AI value while installing appropriate and effective guardrails, as part of a continuous risk management approach:

  • Identify AI benefits.
  • Identify AI risk.
  • Adopt a continuous risk management approach.
  • Implement appropriate AI security protocols.
     

Following these steps will allow leaders to strike a good balance of risk versus reward as AI-enabled tools and processes are leveraged in their enterprises. In addition to breaking down the above four steps, the ISACA paper includes eight protocols and practices for building AI security programs in the fourth step, including:

  • Trust but verify.
  • Design acceptable use policies.
  • Designate an AI lead.
  • Perform a cost analysis.
     

“While some leaders may prefer to wait to adopt AI tools, it can be a risk to your organisation to delay the implementation of proper security and risk management plans; AI risk isn’t just a precaution — it’s a necessity,” said Jason Lau, Chief Information Security Officer of Crypto.com and ISACA Board Director.

“It is imperative that leaders prioritise establishing the correct infrastructure and governance processes for AI in their organisations, ensuring they align with core ethics, sooner rather than later.”

The paper is available for download here.

Image credit: iStock.com/Yuuji

Related News

More than 2m Australians now coding on GitHub

The number of Australians coding software on GitHub has grown at the fastest annual growth rate...

ACS to lead consortium upskilling cyber workers

The Australian Computer Society is leading a consortium of industry groups to develop career,...

Kyndryl launches agentic AI services for enterprises

Kyndryl’s agentic AI services aim to help enterprise customers transform their workforces...

Content from other channels on our network

SA's Davenport BESS changes hands

Partnership to streamline smart lighting infrastructure

Electrification is key to net zero, but faces roadblocks: report

Tackling energy insecurity in remote communities

Is grid connection holding up the energy transition?

UOMO legislation introduced to Parliament

A guide to aquatic survival this summer

Australian telcos increasing their coverage footprint: report

2025–26 Thought Leaders: Tim Karamitos

ACMA releases latest five-year spectrum outlook

Soft robot uses magnetic fields to power itself autonomously

Fingertip bandage brings texture to touchscreens

Tweaked synthetic polymers boost conductivity

Single-photon switch advances photonic computing

The engineer's guide to specifying plastic enclosures for IIoT sensors

  • All content Copyright © 2025 Westwick-Farrow Pty Ltd