CISOs are discovering themselves extra concerned in AI groups, typically main the cross-functional effort and AI technique. However there aren’t many assets to information them on what their function ought to appear like or what they need to convey to those conferences.
We have pulled collectively a framework for security leaders to assist push AI groups and committees additional of their AI adoption—offering them with the required visibility and guardrails to succeed. Meet the CLEAR framework.
If security groups wish to play a pivotal function of their group’s AI journey, they need to undertake the 5 steps of CLEAR to point out rapid worth to AI committees and management:
- C – Create an AI asset stock
- L – Be taught what customers are doing
- E – Implement your AI coverage
- A – Apply AI use instances
- R – Reuse current frameworks
If you happen to’re in search of an answer to assist make the most of GenAI securely, try Harmonic Safety.
Alright, let’s break down the CLEAR framework.
Create an AI Asset Stock
A foundational requirement throughout regulatory and best-practice frameworks—together with the EU AI Act, ISO 42001, and NIST AI RMF—is sustaining an AI asset stock.
Regardless of its significance, organizations battle with guide, unsustainable strategies of monitoring AI instruments.
Safety groups can take six key approaches to enhance AI asset visibility:
- Procurement-Primarily based Monitoring – Efficient for monitoring new AI acquisitions however fails to detect AI options added to current instruments.
- Guide Log Gathering – Analyzing community site visitors and logs may help determine AI-related exercise, although it falls quick for SaaS-based AI.
- Cloud Safety and DLP – Options like CASB and Netskope supply some visibility, however implementing insurance policies stays a problem.
- Identification and OAuth – Reviewing entry logs from suppliers like Okta or Entra may help monitor AI software utilization.
- Extending Present Inventories – Classifying AI instruments primarily based on danger ensures alignment with enterprise governance, however adoption strikes rapidly.
- Specialised Tooling – Steady monitoring instruments detect AI utilization, together with private and free accounts, guaranteeing complete oversight. Consists of the likes of Harmonic Safety.
Be taught: Shift to Proactive Identification of AI Use Instances
Safety groups ought to proactively determine AI purposes that staff are utilizing as an alternative of blocking them outright—customers will discover workarounds in any other case.
By monitoring why staff flip to AI instruments, security leaders can suggest safer, compliant alternate options that align with organizational insurance policies. This perception is invaluable in AI workforce discussions.
Second, as soon as you know the way staff are utilizing AI, you can provide higher coaching. These coaching applications are going to grow to be more and more vital amid the rollout of the EU AI Act, which mandates that organizations present AI literacy applications:
“Suppliers and deployers of AI methods shall take measures to make sure, to their greatest extent, a adequate stage of AI literacy of their employees and different individuals coping with the operation and use of AI methods…”
Implement an AI Coverage
Most organizations have applied AI insurance policies, but enforcement stays a problem. Many organizations choose to easily concern AI insurance policies and hope staff comply with the steering. Whereas this method avoids friction, it offers little enforcement or visibility, leaving organizations uncovered to potential security and compliance dangers.
Sometimes, security groups take one among two approaches:
- Safe Browser Controls – Some organizations route AI site visitors via a safe browser to watch and handle utilization. This method covers most generative AI site visitors however has drawbacks—it typically restricts copy-paste performance, driving customers to different gadgets or browsers to bypass controls.
- DLP or CASB Options – Others leverage current Data Loss Prevention (DLP) or Cloud Entry Safety Dealer (CASB) investments to implement AI insurance policies. These options may help monitor and regulate AI software utilization, however conventional regex-based strategies typically generate extreme noise. Moreover, website categorization databases used for blocking are steadily outdated, resulting in inconsistent enforcement.
Putting the best steadiness between management and value is vital to profitable AI coverage enforcement.
And for those who need assistance constructing a GenAI coverage, try our free generator: GenAI Utilization Coverage Generator.
Apply AI Use Instances for Safety
Most of this dialogue is about securing AI, however let’s not neglect that the AI workforce additionally desires to listen to about cool, impactful AI use instances throughout the enterprise. What higher option to present you care in regards to the AI journey than to really implement them your self?
AI use instances for security are nonetheless of their infancy, however security groups are already seeing some advantages for detection and response, DLP, and e mail security. Documenting these and bringing these use instances to AI workforce conferences might be highly effective – particularly referencing KPIs for productiveness and effectivity beneficial properties.
Reuse Present Frameworks
As a substitute of reinventing governance constructions, security groups can combine AI oversight into current frameworks like NIST AI RMF and ISO 42001.
A sensible instance is NIST CSF 2.0, which now contains the “Govern” operate, overlaying: Organizational AI danger administration methods Cybersecurity provide chain concerns AI-related roles, duties, and insurance policies Given this expanded scope, NIST CSF 2.0 presents a strong basis for AI security governance.
Take a Main Position in AI Governance for Your Firm
Safety groups have a singular alternative to take a number one function in AI governance by remembering CLEAR:
- Creating AI asset inventories
- Lincomes person behaviors
- Enforcing insurance policies via coaching
- Applying AI use instances for security
- Reusing current frameworks
By following these steps, CISOs can reveal worth to AI groups and play an important function of their group’s AI technique.
To study extra about overcoming GenAI adoption boundaries, try Harmonic Safety.
