With the widespread adoption of AI/large language models across sectors & geographies, there has been a recent shift in the regulatory environment due to the perceived threats to personal data/privacy, exacerbated by the current geopolitical climate.
Other changes within the cyber domain manifested themselves prior to the, as well as the CrowdStrike global outage that has changed mindsets across different cyber domains & within organisations.
Organisational aspects now have a greater level of importance attached, with the ISO27001:2022 & NIST CSF V2 being prime examples. These now have training and data governance/stewardship as a key focus within cyber risk controls.
With 2 fundamental approaches to cyber security/risk management, top-down & bottom-up, the introduction of emergent technologies has created the need to encompass the new regulatory & standards requisites for all organisations.
By coincidence, I was invited to write a chapter on the organisational & data flow changes that these 2 facets entail, within the newly released book entitled “Volume V Cybersecurity Risk Management” published by De Gruyter.
My contribution is entitled “Hierarchical considerations in cyber risk assessments: Strategic versus operational prioritization in managing current and emergent threats”.
Working with IT personnel from some national brand entities at the end of last year & into this year created a realisation that traditional organisational structures, lines of communication & data provision for strategic cyber threat controls were no longer appropriate.
Some large-scale organisations have reformulated their hierarchies & governance in light of the step-change impact of AI/LLMs, which I have included in this current work.
https://www.degruyter.com/document/doi/10.1515/9783111289069-002/html