This thesis develops a comprehensive security framework for enterprise generative AI (GenAI) systems, addressing the critical gap between rapid AI adoption and adequate security measures in organizational environments. Traditional cybersecurity approaches prove inadequate against AI-specific threats such as prompt injection, model extraction, and training data poisoning. This research establishes the unique security challenges posed by AI systems, which function simultaneously as offensive tools, defensive tools, and vulnerable targets requiring specialized protection approaches. The core contribution is a quantitative risk mitigation framework that provides a list of structured controls for GenAI security across 3 main dimensions (Lifecycle Stage, Control Scope and Deployment Model) introducing an innovative architectural filtering mechanism that ensures control applicability across diverse deployment scenarios, recognizing that security responsibilities vary significantly between different GenAI implementation approaches.