{"id":3206,"date":"2025-05-16T10:30:00","date_gmt":"2025-05-16T10:30:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3206"},"modified":"2025-05-16T10:30:00","modified_gmt":"2025-05-16T10:30:00","slug":"how-to-establish-an-effective-ai-grc-framework","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3206","title":{"rendered":"How to establish an effective AI GRC framework"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Enterprise use of artificial intelligence comes with a wide range of risks in areas such as cybersecurity, data privacy, bias and discrimination, ethics, and regulatory compliance. As such, organizations that create a <a href=\"https:\/\/www.cio.com\/article\/230326\/what-is-grc-and-why-do-you-need-it.html\">governance, risk, and compliance (GRC)<\/a> framework specifically for AI are best positioned to get the most value out of the technology while minimizing its risks and ensuring responsible and ethical use.<\/p>\n<p>Most companies have work to do in this area. 
A recent survey of 2,920 worldwide IT and business decision-makers <a href=\"https:\/\/investor.lenovo.com\/en\/global\/download.php?f=8YBG5Kejtt+X74Wo6USURl3F9kYG5CWeZpku2ZqhLDZNxp7oaZbTTtrXPc6jvw3Y96YTPyhU4wRkMl1w0tO3P+TdWcux74JTEsj8R2fQZ6v8qrdiu3Ijd56sQmiEKfB1BOu7ezNjBjG0Q61f2FToGlVUDsYwh\/E5KKly4BArpMY=\">conducted by Lenovo and research firm IDC<\/a> found that only 24% of organizations have fully enforced enterprise AI GRC policies.<\/p>\n<p>\u201cIf organizations don\u2019t already have a GRC plan in place for AI, they should prioritize it,\u201d says <a href=\"https:\/\/www.kalderos.com\/resource\/meet-kalderos-chief-information-security-officer\">Jim Hundemer<\/a>, CISO at enterprise software provider Kalderos.<\/p>\n<p>Generative AI \u201cis a ubiquitous resource available to employees across organizations today,\u201d Hundemer says. \u201cOrganizations need to provide employees with guidance and training to help protect the organization against risks such as data leakage, exposing confidential or sensitive information to public AI learning models, and hallucinations, [when] a model\u2019s prompt response is inaccurate or incorrect.\u201d<\/p>\n<p>Recent reports have shown that <a href=\"https:\/\/www.csoonline.com\/article\/3819170\/nearly-10-of-employee-gen-ai-prompts-include-sensitive-data.html\">one in 12 employee generative AI prompts<\/a> include sensitive company data and that organizations are <a href=\"https:\/\/www.csoonline.com\/article\/3964282\/cisos-no-closer-to-containing-shadow-ais-skyrocketing-data-risks.html\">no closer to containing shadow AI\u2019s data risks<\/a> despite providing employees with sanctioned AI options.<\/p>\n<p>Organizations need to incorporate AI into their GRC framework \u2014 and <a href=\"https:\/\/www.csoonline.com\/article\/556309\/critical-it-policies-you-should-have-in-place.html\">associated policies and standards<\/a> \u2014 and data is at the heart of it all, says Kristina Podnar, senior policy director at 
the Data and Trust Alliance, a consortium of business and IT executives at major companies aiming to promote the responsible use of data and AI.<\/p>\n<p>\u201cAs AI systems become more pervasive and powerful, it becomes imperative for organizations to identify and respond to those risks,\u201d Podnar says.<\/p>\n<p>Because AI introduces risks that traditional GRC frameworks may not fully address, such as algorithmic bias and lack of transparency and accountability for AI-driven decisions, an AI GRC framework helps organizations proactively identify, assess, and mitigate these risks, says <a href=\"https:\/\/www.cm.law\/people\/heather-haughian\/\">Heather Clauson Haughian<\/a>, co-founding partner at CM Law, who focuses on AI technology, data privacy, and cybersecurity.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Enterprise use of artificial intelligence comes with a wide range of risks in areas such as cybersecurity, data privacy, bias and discrimination, ethics, and regulatory compliance. 
As such, organizations that create a governance, risk, and compliance (GRC) framework specifically for AI are best positioned to get the most value out of the technology while minimizing [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":3207,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3206","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3206"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3206"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3206\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3207"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}