The lecture examines specific steps for integrating AI into existing Security Governance in a corporate environment, during growing popularity of generative AI. In the first step, we will explore the approach from the perspective of the average corporate user: setting internal rules and defining responsibilities, performing awareness campaigns, analyzing existing AI tools and defining recommended ones (including usage rules) and deploying control mechanisms. In the second part, we will cover the approach from the viewpoint of the internal initiative owner aiming to implement AI elements in new or existing systems or processes. We will present the risk assessment process according to the EU AI Act/NIST, including the methodology for applying specific risk factors, defining system implementation requirements and related subsequent processes, while briefly touching on specific technical requirements. The outcome will be ready to use practical advice to help participants effectively manage the increasing demands for AI implementation in their own environment.

Martin Markovič (CISSP) graduated from the Faculty of Electrical Engineering at the University of Žilina (field of Telecommunications). During his studies and a subsequent one-year internship in the USA, he worked in IT support for end users, where he also handled security incidents and mitigated their impact, which motivated him to specialize in this area. He then joined LYNX, where he performed risk analyses, proposed measures and implemented solutions for the encryption of sensitive data. Since 2009, he has been working at Slovak Telekom, where he built a security monitoring system for access to sensitive data across company systems, coordinated GDPR compliance including related IT system changes, and managed the implementation of security requirements within an international Deutsche Telekom Group project. In recent years, he has been leading the agile transformation of corporate security and specializes in AI governance in line with EU AI Act/ISO/NIST.