AI governance from the security chair: what the CISO owns
When an organization adopts AI, governance does not arrive on its own. It lands on someone's desk — and increasingly that desk belongs to the security leader. Here is the remit, drawn from the frameworks now in force.
AI stopped being an experiment some time ago. It now sits inside identity workflows, alert triage, fraud scoring, and automated response — the exact systems a security organization runs every day. Once a model can shape a consequential decision, the question is no longer whether it is clever but whether it is governed: who authorized it, what it is allowed to do, how its behavior is measured, and who answers for it when it goes wrong. That question rarely has a clean owner. In practice it gravitates to the Chief Information Security Officer, because the CISO already owns the muscle memory — risk registers, control frameworks, incident response, and a standing reporting line to the board.
The good news is that the security chair does not have to invent the discipline. Three reference points now define the field, and they are mutually reinforcing: a voluntary U.S. framework, an international management-system standard, and a binding European statute. Read together, they say the same thing in three dialects — AI governance is an operational program, not a one-time compliance attestation.
The three texts that define the remit
The most useful place to start is the NIST AI Risk Management Framework (AI RMF 1.0), published in January 2023. It is voluntary, sector-neutral, and organized around four functions a CISO will find familiar: Govern, Map, Measure, and Manage.[1] Govern establishes accountability and policy; Map sets context and identifies risk for a specific system; Measure analyzes and monitors that risk with quantitative and qualitative methods; Manage allocates resources to treat it. The framework also names the properties of a trustworthy system — accountable and transparent, explainable and interpretable, privacy-enhanced, secure and resilient, and fair with harmful bias managed.[1] In July 2024 NIST extended the framework with a Generative AI Profile (NIST-AI-600-1), which enumerates twelve risk categories unique to or amplified by generative models — among them confabulation, data privacy, information security, and, squarely relevant here, information integrity.[2]
The second text is ISO/IEC 42001:2023, the world's first AI management-system standard, published in December 2023. Where NIST gives you a vocabulary and a set of functions, ISO 42001 gives you a certifiable management system — requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System, including AI risk assessment and AI impact assessment across the lifecycle.[3] For a CISO who has already lived through ISO/IEC 27001, the architecture is immediately legible: policy, objectives, controls, audit, improvement.
The third is the only one with teeth. The EU AI Act (Regulation (EU) 2024/1689) takes a risk-based approach and imposes hard technical obligations on high-risk systems. Article 12 requires that high-risk AI systems be built to automatically record events — logs — over their lifetime, so that situations presenting risk can be identified and operation can be monitored after deployment.[4] Article 26 then obliges deployers to retain those automatically generated logs for at least six months.[4] Traceability, in other words, is no longer a nice-to-have; for in-scope systems it is the law, and full enforcement of the high-risk regime arrives in August 2026.
Controls: logging, evaluation, and provenance
The control layer is where governance stops being a memo and becomes engineering. Three control families matter most for a security leader.
The first is traceability. Explainability and event logging are not academic luxuries; they are the prerequisite for forensic readiness when an AI system has touched an access decision, an investigation, or an incident-response action. NIST treats interpretability as part of risk management, and the EU AI Act makes lifetime logging a technical requirement for high-risk systems.[1][4] If your model influenced who got in and who got locked out, you will eventually need to reconstruct why — and you cannot reconstruct what you never recorded.
The second is test, evaluation, verification, and validation (TEVV). Governance depends on the ability to measure system behavior against stated objectives and constraints, and to keep measuring. NIST's companion Playbook frames this as continuous: monitoring for drift, emergent behavior, and shifts in deployment context, rather than a single pre-launch checkbox.[5] A model that was fair and accurate at deployment can decay quietly; the control is the cadence, not the launch gate.
The third is secure-by-design hygiene applied to the model itself. The joint guidance from CISA and the UK's NCSC, released in November 2023 and co-sealed by agencies across more than a dozen countries, organizes security around four lifecycle phases — secure design, secure development, secure deployment, and secure operation and maintenance — and treats AI systems as carrying novel vulnerabilities that sit alongside conventional cyber threats.[6] For the CISO, the practical translation is that the remit expands from protecting data to protecting the integrity of automated logic.
Accountability: refuse the diffusion
The hardest governance problem is not technical. It is that responsibility dissolves. An AI capability is rarely built in one place — a vendor trains the model, an integrator wires it in, a business unit deploys it, an operator runs it. When something goes wrong, each party can point at the next. Automation does not erase responsibility; it concentrates it inside organizational process, which means someone has to be named.[1] The security chair's job is to make the accountability map explicit before an incident, not after: who approved the use case, who owns the controls, who signs the risk acceptance, and who is accountable to the board. ISO/IEC 42001 gives this a home as a documented management responsibility; NIST's Govern function gives it a name.[1][3]
The synthetic-media line item
Deepfakes belong on the AI risk register, and the security chair owns them twice over. As a threat, synthetic voice and video now drive business-email-compromise and executive-impersonation fraud — a fabricated CFO on a video call authorizing a wire is a security incident, not a curiosity. As a governance matter, generative systems the organization itself deploys can produce convincing but false content; NIST's Generative AI Profile lists information integrity as a named risk category for exactly this reason.[2] The defenses are the ones the security program already understands: out-of-band verification for high-value transactions, provenance and content-authenticity signals on media the organization produces, and detection tuned for impersonation. See /war-room for the incident-side playbook.
Board reporting: the part that is now mandatory
For public companies, board-level reporting on this risk is no longer discretionary. The SEC's cybersecurity disclosure rules, adopted in July 2023, require disclosure of material cybersecurity incidents on Form 8-K (Item 1.05) within four business days of a materiality determination, and — through Item 106 of Regulation S-K — annual disclosure of how the company assesses, identifies, and manages material cyber risk, including the board's oversight role.[7] An AI failure that compromises security, or a deepfake-driven fraud, can be a material cybersecurity incident. The reporting line a CISO already maintains to the board is therefore the same channel through which AI risk now flows, and the disclosure clock is short.
The throughline across all of this is unglamorous and durable. Build governance now — frameworks at the base, controls in the middle, named accountability above them, board visibility at the top — and you reduce reactive remediation later. The security chair did not ask for AI governance, but it fits the chair better than any other in the building. The job is to treat it the way security has always treated risk: documented, measured, owned, and reported.
Sources
- [1] National Institute of Standards and Technology. “Artificial Intelligence Risk Management Framework (AI RMF 1.0).” NIST AI 100-1, Jan. 2023 (Govern/Map/Measure/Manage; trustworthiness characteristics).
- [2] National Institute of Standards and Technology. “AI RMF: Generative Artificial Intelligence Profile.” NIST-AI-600-1, July 2024 (twelve GAI risk categories, incl. information integrity).
- [3] ISO/IEC 42001:2023, “Information technology — Artificial intelligence — Management system” (world's first AI management-system standard; AIMS requirements).
- [4] Regulation (EU) 2024/1689 (Artificial Intelligence Act), Art. 12 (record-keeping / lifetime logging) and Art. 26(6) (six-month log retention by deployers).
- [5] National Institute of Standards and Technology. “NIST AI RMF Playbook” (voluntary suggested actions; continuous measurement and monitoring for drift).
- [6] Cybersecurity and Infrastructure Security Agency & UK National Cyber Security Centre. “Guidelines for Secure AI System Development.” 26 Nov. 2023 (secure design / development / deployment / operation).
- [7] U.S. Securities and Exchange Commission. “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” (final rules adopted 26 July 2023; Form 8-K Item 1.05, Reg. S-K Item 106).