Print ISSN: 2476-3047
Volume 14, Issue 2 (3-2026)
منادی 2026, 14(2): 98-110
A Systematic Review of Cybersecurity Governance in the Age of Artificial Intelligence: From Transparency to Resilience
Peyman Hajizadeh *1, Hamed Naderi 1
1- Department of Management, Faculty of Management, Islamic Azad University, South Tehran Branch, Tehran, Iran
Abstract:
primary hindrance to managerial trust. Additionally, the risk of adversarial attacks—where AI models are fooled by perturbed inputs—was identified in 67% of the papers, underscoring the vulnerability of AI models and the need for "robustness" to be treated as a key governance metric.
Building on these insights, this study proposes the "Transparency–Resilience Dual Framework," an integrated conceptual model designed to reconcile AI’s technical potential with governance imperatives. The framework posits that sustainable success in AI cybersecurity requires a positive feedback loop between two complementary dimensions. The first pillar, "Transparency in Governance," directly addresses the trust gap by integrating Explainable AI (XAI) into the 'Govern' and 'Identify' functions of the NIST framework. XAI serves as a governance enabler by providing interpretable rationales for AI decisions, which is essential for auditability, regulatory compliance, and establishing "Managerial Trust." When managers understand why an AI model flags a threat or recommends an action, they can accurately calculate the Return on Security Investment (ROSI) and justify the allocation of resources to advanced defense systems. The second pillar, "Resilience in Operations," addresses the resilience gap by leveraging advanced, autonomous AI techniques—specifically Generative AI and Reinforcement Learning—to optimize the 'Respond' and 'Recover' functions. The framework advocates for using Generative AI to automate time-consuming documentation tasks, such as incident reporting and the dynamic updating of recovery plans, and employing Reinforcement Learning to optimize decision-making during containment. The operational goal is to minimize the Mean Time to Recover (MTTR) and ensure the rapid restoration of services following an incident.
The proposed framework operates as a dynamic cycle: transparent governance secures the necessary budget and trust to invest in resilient operations, while effective operational resilience generates valuable post-incident data that feeds back into the models, continuously improving the system's accuracy and transparency. Theoretically, this study implies that future cybersecurity maturity models must include "Algorithmic Trustworthiness" as a core variable independent of technical performance accuracy. Practically, the study provides a roadmap for Chief Information Security Officers (CISOs) and organizational leaders. It recommends moving beyond fragmented tool adoption to a strategic approach that prioritizes AI solutions offering explainability features. Furthermore, it urges organizations to investigate the use of Generative AI for automating the neglected recovery function. By linking the transparency required for strategic governance with the agility required for tactical operations, organizations can evolve their cybersecurity posture from a reactive stance to a resilient, AI-empowered state, capable of withstanding the complexities of the modern threat landscape.
Keywords: Cybersecurity, Artificial Intelligence (AI), Explainable AI (XAI), Cybersecurity governance, NIST Cybersecurity Framework (CSF) 2.0
Type of Study: Review Article | Subject: Cryptology and Information Security
Received: 2025/12/22 | Accepted: 2026/01/21 | Published: 2026/03/19
Hajizadeh P, Naderi H. A Systematic Review of Cybersecurity Governance in the Age of Artificial Intelligence: From Transparency to Resilience. منادی 2026; 14 (2) :98-110
URL: http://monadi.isc.org.ir/article-1-335-en.html


Rights and permissions
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
دوفصل نامه علمی  منادی امنیت فضای تولید و تبادل اطلاعات( افتا) Biannual Journal Monadi for Cyberspace Security (AFTA)