CIO.works – Page 3

How CIOs Can Course-correct Data Strategies With AI Goals in Mind

CIOs must assess current data practices to improve data strategies aligned with AI goals. Despite a heightened focus, many organizations still lack adequate data management for AI. Experts recommend identifying gaps and engaging leadership to create a strategic path forward. Key issues include ensuring data quality, diversity, and lineage to avoid bias and support effective AI outcomes. Implementing good practices and considering AI's role in data management can help organizations build a robust data foundation essential for AI success.

https://www.ciodive.com/news/AI-ready-data-strategy-CIO-approach-tips/744513/

PCI DSS 4.0.1: a Cybersecurity Blueprint by the Industry, for the Industry

By CIO / Blog / PCI DSS

PCI DSS 4.0.1 enhances cybersecurity through industry collaboration, focusing on “what” to secure rather than “how.” It emphasizes self-regulation within the payment industry, avoiding government-overcomplications. Key updates include expanded MFA requirements, stronger encryption standards, and a cautious approach to integrating AI. While the standard improves security for regulated entities handling card data, it does not enforce user behavior nor guarantee compliance with laws like GDPR. Overall, it offers a valuable framework for organizations to enhance security while maintaining flexibility in implementation methods.

https://www.securityweek.com/pci-dss-4-0-1-a-cybersecurity-blueprint-by-the-industry-for-the-industry/

EU AI Office Publishes Third Draft of EU AI Act-Related General-Purpose AI Code of Practice: Key Copyright Issues

By CIO / Blog / regulation, EU, AI

EU AI Office's third draft of the General-Purpose AI Code of Practice outlines commitments for GPAI model providers regarding copyright compliance under the AI Act, effective August 2025. Key obligations include adhering to training data copyright laws, respecting opt-out requests from content creators, and limiting web crawling practices. The streamlined draft emphasizes transparency and governance measures, with a focus on mitigating copyright infringement risks. Differences in US and EU copyright practices, such as the lack of a “fair use” doctrine, are noted, highlighting the complexities of navigating AI copyright law in Europe. Finalization expected May 2025.

https://www.morganlewis.com/pubs/2025/04/eu-ai-office-publishes-third-draft-of-eu-ai-act-related-general-purpose-ai-code-of-practice-key-copyright-issues

EU’s Community of Practice Publishes Updated AI Model Contractual Clauses

By CIO / Blog / regulation, EU, AI

EU's Community of Practice on AI has released updated non-binding Model Contractual Clauses (MCC-AI) for public procurement of AI systems. Two templates address “high-risk” and “non-high-risk” AI systems, aligned with the EU AI Act. This guidance aims to assist public organizations but may also benefit private companies. Stakeholders are encouraged to report their use of MCC-AI, enhancing AI procurement practices in the public sector.

https://www.insideprivacy.com/artificial-intelligence/eus-community-of-practice-publishes-updated-ai-model-contractual-clauses/

Artificial Intelligence Liability Directive (AILD)

By CIO / A / AI, regulation

AILD: EU legislation on AI accountability; establishes liability rules for AI-related damages; aims to ensure safety and trust in AI technologies while fostering innovation.

Data Privacy Framework (DPF)

By CIO / D / GDPR, data protection

DPF: structure for protecting personal data, ensuring compliance, industry standards, fostering trust, mitigating risks, enhancing data security, and enabling safe data transfers.

Strengthening Email Ecosystem: Outlook’s New Requirements for High‐Volume Senders

By CIO / Blog / DNS, email, Microsoft

Outlook introduces stricter email authentication standards for domains sending over 5,000 emails daily, requiring SPF, DKIM, and DMARC compliance to enhance inbox security and reduce spoofing and spam. Non-compliance will lead to messages being routed to Junk and eventually rejected. Organizations are advised to audit their DNS records and implement transparent mailing practices. Enforcement begins in May 2025. These measures aim to protect users and improve deliverability for legitimate senders, encouraging industry-wide best practices.

https://techcommunity.microsoft.com/blog/microsoftdefenderforoffice365blog/strengthening-email-ecosystem-outlook’s-new-requirements-for-high‐volume-senders/4399730

Urgent Need for Resilient Industrial Cybersecurity Professionals to Defend ICS/OT Systems From Rising Cyber Attacks

By CIO / Blog / operational technology, cybersecurity

Demand for resilient industrial cybersecurity experts is rising due to increased cyber threats against ICS/OT systems. Specialized knowledge is crucial, encompassing technical skills in network security, risk assessment, and incident response. Essential certifications include GICSP and CISSP. Career paths vary, requiring awareness of legacy systems and operational protocols. Professionals must engage in continuous learning and mentorship to stay updated on evolving threats. Networking and participation in industry conferences enhance career growth in this critical sector, supporting the defense of vital infrastructure against cyber attacks.

https://industrialcyber.co/features/urgent-need-for-resilient-industrial-cybersecurity-professionals-to-defend-ics-ot-systems-from-rising-cyber-attacks/

Key Cybersecurity Challenges In 2025—Trends And Observations

By CIO / Blog / trends, cybersecurity

In 2025, cybersecurity faces significant challenges amid rising threats like AI-driven attacks, ransomware, healthcare breaches, and DDoS attacks. Despite advanced technologies, organizations remain vulnerable, with a notable rise in cyber incidents. AI agents present both advantages and risks; while they can enhance threat detection, they also facilitate advanced cyberattacks. Additionally, quantum computing poses a potential risk to existing encryption methods. Escalating data breaches particularly challenge the healthcare sector. A comprehensive cybersecurity strategy is essential to protect sensitive data across industries.

https://www.forbes.com/sites/chuckbrooks/2025/04/05/key-cybersecurity-challenges-in-2025-trends-and-observations/

Data in the Balance: Political Influence on EU-U.S. Data Transfers

By CIO / Blog / business objectives, GDPR, data protection

EU-U.S. Data Privacy Framework (DPF) faces uncertainties due to political changes and actions like Trump’s Executive Order affecting oversight agencies. Over 2,800 U.S. firms rely on DPF for GDPR compliance; any invalidation would halt data transfers, forcing reliance on alternative mechanisms. Organizations must monitor regulatory shifts to avoid penalties and ensure compliance.

https://ogletree.com/insights-resources/blog-posts/data-in-the-balance-political-influence-on-eu-u-s-data-transfers/