risk management

How CISOs Can Manage Sovereign-Cloud Security Risks

As geopolitical tensions increase, CISOs managing sovereign-cloud security risks must carefully assess both the security of cloud providers and the security controls implemented within the cloud. Alternative regional cloud providers often lack the robust governance, resilience, and security features of major hyperscale providers, requiring CISOs to enforce clear workload placement strategies, rigorous control assessments, and legal compliance to balance sovereignty requirements without compromising long-term security and resilience.

https://www.cybersecuritydive.com/news/how-cisos-can-manage-sovereign-cloud-security-risks/821323/

Cybersecurity Without Clarity: Why Most Organizations Stay Reactive

Despite increased investments in cybersecurity tools, many organizations remain reactive due to a lack of clarity in ownership, governance, and operational discipline. Cybersecurity requires clear accountability, business alignment, and leadership involvement to move from constant problem response to proactive risk management and long-term security maturity.

https://nationalcioreview.com/articles-insights/cybersecurity-without-clarity-why-most-organizations-stay-reactive/

NSA Launches Zero Trust Implementation Guidelines Resource Webpage

The National Security Agency (NSA) has launched a new resource webpage providing guidelines for implementing Zero Trust architecture. This initiative aims to assist organizations in enhancing their cybersecurity posture by adopting Zero Trust principles more effectively.

https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4496862/nsa-launches-zero-trust-implementation-guidelines-resource-webpage/

CIOs Need Control Before AI Gains Accountability

CIOs are increasingly held accountable by boards for AI outcomes despite lacking authority over AI model selection, deployment, and monitoring within their organizations. To establish true governance, CIOs need control over pre-deployment evidence gates—comprising documented specifications, evaluation records, signed deployment decisions, and monitoring plans—that ensure accountability and oversight before AI systems reach production. Without such controls and veto rights, CIOs face responsibility without the necessary authority to manage AI risks effectively.

https://www.informationweek.com/machine-learning-ai/cios-need-control-before-ai-gains-accountability

Nobody Pushed Back: Why Engineers Stay Silent Until It’s Too Late

The article explains that major engineering failures often occur not because of a lack of knowledge but because engineers stay silent when they foresee problems, as speaking up is socially or professionally costly. Cases from Nokia, TSB, Boeing, and Microsoft illustrate how technical risks were known internally but suppressed due to company culture, fear of backlash, and a prioritization of “alignment” over genuine dissent, leading to disastrous outcomes. The piece emphasizes the need for organizational environments that encourage safe and constructive pushback to prevent such failures.

https://howtocenterdiv.com/beyond-the-div/nobody-pushed-back

Linux Foundation Report Finds Greatest Obstacle for AI Adoption and Innovation Is a Security Readiness Crisis

The Linux Foundation's 2026 State of Tech Talent Report identifies a security readiness crisis as the greatest obstacle to AI adoption and innovation, with security and privacy concerns rising sharply from 17% in 2024 to 48% in 2026. Despite these challenges, and a significant capacity gap in AI security and risk management reported by 57% of organizations, AI is driving technical job growth, and organizations are prioritizing upskilling existing employees over hiring new staff to bridge talent gaps, an approach that yields substantial business benefits.

https://www.linuxfoundation.org/press/linux-foundation-report-finds-greatest-obstacle-for-ai-adoption-and-innovation-is-a-security-readiness-crisis

From Capabilities to Responsibilities

The article “From Capabilities to Responsibilities” by Artur Huk argues that in high-stakes AI agent systems—those that can affect finance, healthcare, or critical infrastructure—designing agents around explicit responsibilities rather than just capabilities is essential for governance and safety. It proposes a Responsibility-Oriented Agent (ROA) architecture where strict, code-enforced contracts define what an AI agent is authorized to do, separating intent generation from execution and enabling scalable, deterministic validation that escalates only true exceptions to humans, thus avoiding operational bottlenecks inherent in human-in-the-loop models.

https://www.oreilly.com/radar/from-capabilities-to-responsibilities/

Software Bill of Materials for AI – Minimum Elements

The Cybersecurity and Infrastructure Security Agency (CISA) outlines the minimum elements for a Software Bill of Materials (SBOM) specific to AI systems to enhance transparency and security. These elements include detailed information about the components, versions, and relationships within AI software to help identify vulnerabilities and manage risks effectively. This approach aims to improve trust and security in AI technologies by providing comprehensive visibility into their software components.

https://www.cisa.gov/resources-tools/resources/software-bill-materials-ai-minimum-elements

Risk Management Is Key in This Unpredictable Environment

Marco Saalfrank, head of merchant trading at Axpo, emphasizes the critical importance of risk management amid the current volatile energy markets shaped by geopolitical crises and global events. Axpo leverages its diversified presence across commodities and geographies to provide tailored risk management solutions, helping clients navigate uncertainty through customized hedging and flexible energy sourcing, while actively engaging in the energy transition through investments in renewables, low-carbon fuels, and innovative technologies.

https://www.risk.net/awards/7963498/risk-management-is-key-in-this-unpredictable-environment

Shadow AI Now Needs a Bill of Materials

Enterprises are adopting AI Bills of Materials (AI-BOMs) to manage the complexity of Shadow AI, including tracking AI models, datasets, prompts, agents, identities, and cloud infrastructure, beyond traditional software components. Companies like Cisco, Wiz, and Palo Alto Networks are developing tools to create detailed, machine-readable inventories of AI assets to improve security, governance, model provenance, and compliance with emerging regulations such as the EU AI Act.

https://techinformed.com/shadow-ai-now-needs-a-bill-of-materials/