Blog

The CISO’s Guide to Responding to Shadow AI

The article provides a guide for Chief Information Security Officers (CISOs) on responding to shadow AI, emphasizing four key steps: assessing the associated risks, understanding the motivations behind unapproved AI use, deciding whether to shut down or integrate shadow AI tools, and reviewing AI governance policies. It highlights that shadow AI usage often arises from the rapid adoption of AI tools without proper oversight, posing risks such as data breaches and operational disruptions, and stresses the importance of balanced governance to manage these risks while fostering responsible AI use within organizations.

https://www.csoonline.com/article/4143302/the-cisos-guide-to-responding-to-shadow-ai.html

AI Sovereignty Risk: a Five-Step Agenda for CIOs

The article discusses the growing importance of AI sovereignty, where nations control AI ecosystems within their borders, posing challenges for global CIOs. It outlines a five-step agenda for CIOs to manage AI sovereignty risks, including educating executives, consulting legal experts, balancing AI providers, securing data, and anticipating architectural shifts toward hybrid AI models. This approach helps organizations navigate complex regulatory environments and align AI strategies with jurisdictional compliance and enterprise goals.

https://www.idc.com/resource-center/blog/ai-sovereignty-risk-a-five-step-agenda-for-cios/

Transforming Diverse Experiences Into a Storied CIO Career

Denise Russell Fleming, CIO and EVP of technology and global services at BD, shares insights from her diverse career spanning business, marketing, customer support, and IT that uniquely positioned her to lead large-scale transformations. Highlighting the importance of trust, collaboration, and a growth mindset, Fleming discusses her journey to the CIO role, experiences with complex initiatives, and advice for CIOs aspiring to board service, emphasizing that effective leadership in technology is deeply rooted in understanding both people and business.

https://www.cio.com/article/4148293/transforming-diverse-experiences-into-a-storied-cio-career.html

From Cyber Risk to Business Risk: How CISOs Should Engage the Board in 2026

IDC's 2026 insights highlight that cyber risk has evolved into a critical business concern at the board level, requiring CISOs to translate technical cyber threats into measurable business impacts and align security strategies with regulatory and operational priorities. Amid rising regulatory pressures like NIS2 and the EU AI Act, CISOs are advised to adopt financial risk metrics, implement robust risk management frameworks, and engage regularly with boards through clear, business-focused communication to enhance organizational resilience and informed decision-making.

https://www.idc.com/resource-center/blog/from-cyber-risk-to-business-risk-how-cisos-should-engage-the-board-in-2026/

Before You Scale: a Risk Management Framework for AI Systems

As AI systems transition from pilot phases to full-scale production, organizations often face hidden risks in governance, data management, operations, and change management that can hinder sustainable growth. EisnerAmper outlines a six-pillar risk management framework—covering governance, business strategy, cybersecurity and data privacy, technology and cloud infrastructure, people and change, and data practices—that helps organizations identify and address potential friction points early, ensuring responsible and scalable AI adoption aligned with established standards like NIST and ISO. Early assessment under this framework is critical for sustaining effective AI systems as usage expands.

https://www.eisneramper.com/insights/artificial-intelligence-insights/ai-risk-management-framework-for-scaling-0326/

14 Risk Oversight Principles You Haven’t Heard Before

Protiviti’s Jim DeLoach presents 14 lesser-known principles of risk oversight aimed at enhancing enterprise risk management (ERM) effectiveness, emphasizing continuous improvement in risk reporting, integration of risk processes into business operations, and adapting to digital transformation. He stresses the importance of balancing risk and opportunity, fostering collaboration across organizational levels, making timely decisions with imperfect information, and cultivating a culture of open risk discussions, all to better prepare organizations for uncertainty and align risk management with strategic goals.

https://www.corporatecomplianceinsights.com/14-risk-oversight-principles-you-have-not-heard-before/

Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)

Jim DeLoach outlines 14 fundamental risk oversight principles that remain crucial despite advances in digital tools, emphasizing that risk management must be aligned with strategy and adapt continuously to a rapidly changing environment. He highlights the importance of understanding calculated risks, vigilance against cognitive biases, preparation for contingencies, and maintaining strong culture and communication to effectively manage critical enterprise risks and ensure organizational resilience.

https://www.corporatecomplianceinsights.com/risk-oversight-rules-you-know/

The Dark Side of DDoS: Why DDoS Downtime Is Harder to Prevent

Cloudflare's 2026 data reveals that DDoS attacks are increasingly sophisticated, AI-driven, and strategically timed to cause maximum disruption, often targeting critical services with low-volume Layer 7 attacks. Organizations face challenges maintaining resilience due to evolving network environments and configuration drift, highlighting the necessity for continuous, automated DDoS validation and proactive defense strategies to ensure service availability amid rapid changes and growing threats.

https://securityboulevard.com/2026/03/the-dark-side-of-ddos-why-ddos-downtime-is-harder-to-prevent/

Microsoft Backtracks on Copilot Chat Access in M365 Apps

Microsoft will remove free access to its AI assistant, Copilot Chat, from Office apps like Word, Excel, and PowerPoint for large Microsoft 365 enterprise customers (those with over 2,000 users) starting April 15, 2026, requiring a paid Microsoft 365 Copilot license instead. For smaller customers, Microsoft will impose usage restrictions and reduced performance on Copilot Chat, reflecting a shift to prioritize paid subscriptions despite limited adoption of the full-featured paid version.

https://www.computerworld.com/article/4150022/microsoft-backtracks-on-copilot-chat-access-in-m365-apps.html

The Inside Track on How Boards Evaluate Their CIOs

Corporate boards increasingly expect CIOs to translate complex technology initiatives into clear strategic opportunities by demonstrating strong business acumen, especially around investment, growth, and risk. Effective CIOs communicate technology’s impact on business outcomes concisely and align their presentations to board members’ perspectives, balancing operational improvements with innovation to support both running and transforming the business.

https://www.cio.com/article/4149185/the-inside-track-on-how-boards-evaluate-their-cios.html
