Blog

Stop Blaming Your People: the Case for Human-Centred Cyber Security

The article argues against blaming employees as the weakest link in cyber security and advocates for a human-centred approach that focuses on educating people as a key defense. Cyber security expert Caitriona Forde emphasizes shifting training from corporate obligation to teaching essential life skills that protect individuals and their families, thereby fostering a culture of empowerment rather than shame. With evolving AI threats, businesses must adopt practical measures like explaining risks, encouraging cautious behavior, sharing experiences openly, verifying requests, and governing AI use to build resilience and reduce incidents.

https://www.businessnews.com.au/article/Stop-blaming-your-people-the-case-for-human-centred-cyber-security

The Shadow AI Jungle: Why Approving a Platform Is Not the Same as Securing What’s Built on It

The article highlights a critical security concern in enterprise AI adoption dubbed “Shadow AI,” where non-technical employees build AI tools and automations on approved platforms without security oversight, creating significant blind spots for security teams who can track less than half of these AI agents. Despite platform approvals, enterprises remain responsible for securing what is built on them, yet many AI tools operate invisibly, often accessing sensitive data without triggering alerts, underscoring the urgent need for runtime governance and visibility into these business-built AI applications to manage risks effectively.

https://www.unite.ai/the-shadow-ai-governance-challenge/

The Death of Identity as We Know It

In “The death of identity as we know it,” Steve Tout discusses the evolving challenges of AI governance, emphasizing that identity must shift from traditional authentication toward authorship and lineage of AI entities like agents, swarms, and digital twins. He highlights the necessity of new governance models that track who creates, trains, authorizes, and controls AI-powered digital representations to ensure accountability, protect institutional knowledge, and prevent misuse as AI becomes integral to enterprise decision-making.

https://www.cio.com/article/4170235/the-death-of-identity-as-we-know-it.html

Culture Is Critical for AI Project Success

A Microsoft report finds that organizational readiness, including a supportive culture, clear policies, and managerial backing, is the leading factor for successful AI pilot projects, yet only about 20% of employees currently operate with both high individual AI skills and effective organizational infrastructure. Experts emphasize that companies must redesign workflows, foster AI experimentation, and build robust infrastructure and governance to enable widespread AI adoption and sustainable results.

https://www.ciodive.com/news/culture-critical-for-ai-success/819902/

The 360° CIO Is Here. Most Operating Models Have Not Caught Up

The role of the CIO has evolved into a “360° CIO,” where chiefs are accountable for broad enterprise outcomes across AI, cybersecurity, digital platforms, and more, yet often possess only partial authority over these areas. This mismatch between expanded expectations and outdated operating models—characterized by fragmented governance and distributed decision rights—creates challenges in integrating and scaling technology initiatives. To address this, organizations must realign structures to support the CIO as an enterprise integrator, fostering earlier involvement in decisions, cross-functional alignment, and clear trade-offs to ensure successful digital transformation.

https://www.cio.com/article/4168923/the-360-degree-cio-is-here-most-operating-models-have-not-caught-up.html

20 Leaders Who Built the CISO Era: 2 Decades of Change

Dark Reading's 20th anniversary special coverage highlights 20 influential figures who shaped the CISO era over the past two decades, showing how cybersecurity evolved from a technical function to a critical business and national security role. The retrospective features pioneers like Steve Katz, the first CISO, and notable figures such as Dan Kaminsky, who uncovered the Great DNS Vulnerability, Marcus Hutchins, the hero who stopped WannaCry ransomware, and Troy Hunt, creator of the Have I Been Pwned? breach database, illustrating their diverse impacts in law, policy, threat intelligence, cybercrime, and device security.

https://www.darkreading.com/cybersecurity-operations/20-leaders-ciso-era-2-decades-change

Software Bill of Materials for AI – Minimum Elements

The Cybersecurity and Infrastructure Security Agency (CISA) outlines the minimum elements for a Software Bill of Materials (SBOM) specific to AI systems to enhance transparency and security. These elements include detailed information about the components, versions, and relationships within AI software to help identify vulnerabilities and manage risks effectively. This approach aims to improve trust and security in AI technologies by providing comprehensive visibility into their software components.

https://www.cisa.gov/resources-tools/resources/software-bill-materials-ai-minimum-elements

Risk Management Is Key in This Unpredictable Environment

Marco Saalfrank, head of merchant trading at Axpo, emphasizes the critical importance of risk management amid the current volatile energy markets shaped by geopolitical crises and global events. Axpo leverages its diversified presence across commodities and geographies to provide tailored risk management solutions, helping clients navigate uncertainty through customized hedging and flexible energy sourcing, while actively engaging in the energy transition through investments in renewables, low-carbon fuels, and innovative technologies.

https://www.risk.net/awards/7963498/risk-management-is-key-in-this-unpredictable-environment

Shadow AI Now Needs a Bill of Materials

Enterprises are adopting AI Bills of Materials (AI-BOMs) to manage the complexity of Shadow AI, including tracking AI models, datasets, prompts, agents, identities, and cloud infrastructure, beyond traditional software components. Companies like Cisco, Wiz, and Palo Alto Networks are developing tools to create detailed, machine-readable inventories of AI assets to improve security, governance, model provenance, and compliance with emerging regulations such as the EU AI Act.

https://techinformed.com/shadow-ai-now-needs-a-bill-of-materials/

Your Operating Model Is the Real Legacy System

The article argues that in many organizations, operational inefficiencies stem not from outdated technology but from legacy operating models that hinder decision-making and coordination. Even with modernized tech stacks, fragmented authority, risk assessments, and funding structures slow down progress, causing modernization efforts to underdeliver because the organizational decision systems remain misaligned with current business needs.

https://www.cio.com/article/4168935/your-operating-model-is-the-real-legacy-system.html
