Information Security Recommendations for Organisational AI Usage: A qualitative study exploring the adaptation of existing information security best practices for organisations utilizing AI systems

Povlakic, Mehmed; Bylund, Carl; Bang Melbye, Oskar Aleksander

Information Security Recommendations for Organisational AI Usage: A qualitative study exploring the adaptation of existing information security best practices for organisations utilizing AI systems

Mark

Povlakic, Mehmed ^LU ; Bylund, Carl ^LU and Bang Melbye, Oskar Aleksander ^LU (2025) SYSK16 20251
Department of Informatics

Abstract: As artificial intelligence (AI) becomes increasingly embedded in organisational operations, it
introduces not only efficiency but also unique information security challenges. Traditional security practices cover common threats, however, the lack of transparency in AI output and the
possibility of novel attacks such as data poisoning and phishing attacks show that these systems are poorly equipped to ensure information security. The individual domains of AI and
information security are both well-researched while their intersection is less explored, especially in practical situations. This study aims to investigate how internal information security
practices evolve following the increased use of AI in organisations and how already... (More); As artificial intelligence (AI) becomes increasingly embedded in organisational operations, it
introduces not only efficiency but also unique information security challenges. Traditional security practices cover common threats, however, the lack of transparency in AI output and the
possibility of novel attacks such as data poisoning and phishing attacks show that these systems are poorly equipped to ensure information security. The individual domains of AI and
information security are both well-researched while their intersection is less explored, especially in practical situations. This study aims to investigate how internal information security
practices evolve following the increased use of AI in organisations and how already established best practices overlap with the increased need of information security to address this.
Recommendations which organisations can follow to protect their information with regards to
AI usage are presented. Research was conducted through interviews of individuals operating
in IT landscapes and through literature review of well-established standards and best practices
in information security. Through the focus on technical aspects rather than regulatory developments, the study contributes to the limited knowledge on securing AI usage in organisations. The findings showcase the expanded need for employee training connected to AI usage and the benefits of using localized AI systems rather than relying on them externally. (Less)

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/9200715

author

Povlakic, Mehmed ^LU ; Bylund, Carl ^LU and Bang Melbye, Oskar Aleksander ^LU

supervisor

Markus Lahtinen ^LU

organization

Department of Informatics

course

SYSK16 20251

year

2025

type

M2 - Bachelor Degree

subject

Business and Economics

keywords

Information security, AI, Best Practices, Policies, Recommendations

language

English

id

9200715

date added to LUP

2025-06-17 08:33:46

date last changed

2025-06-17 08:33:46

@misc{9200715,
  abstract     = {{As artificial intelligence (AI) becomes increasingly embedded in organisational operations, it
introduces not only efficiency but also unique information security challenges. Traditional security practices cover common threats, however, the lack of transparency in AI output and the
possibility of novel attacks such as data poisoning and phishing attacks show that these systems are poorly equipped to ensure information security. The individual domains of AI and
information security are both well-researched while their intersection is less explored, especially in practical situations. This study aims to investigate how internal information security
practices evolve following the increased use of AI in organisations and how already established best practices overlap with the increased need of information security to address this.
Recommendations which organisations can follow to protect their information with regards to
AI usage are presented. Research was conducted through interviews of individuals operating
in IT landscapes and through literature review of well-established standards and best practices
in information security. Through the focus on technical aspects rather than regulatory developments, the study contributes to the limited knowledge on securing AI usage in organisations. The findings showcase the expanded need for employee training connected to AI usage and the benefits of using localized AI systems rather than relying on them externally.}},
  author       = {{Povlakic, Mehmed and Bylund, Carl and Bang Melbye, Oskar Aleksander}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Information Security Recommendations for Organisational AI Usage: A qualitative study exploring the adaptation of existing information security best practices for organisations utilizing AI systems}},
  year         = {{2025}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Information Security Recommendations for Organisational AI Usage: A qualitative study exploring the adaptation of existing information security best practices for organisations utilizing AI systems