Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 12 Topic 2 Discussion
Question #: 12
Topic #: 2
An IS auditor is evaluating an organization's incident management program to ensure it is sufficiently prepared to manage AI-related incidents. Which of the following is MOST important for the auditor to validate?
A. The program mandates retraining AI systems after incidents are investigated.
B. The program uses past AI-related incidents and resolutions to categorize current incidents.
C. The program includes processes to respond to AI model drift and data integrity attacks.
D. The program prioritizes incidents based on alignment with industry leading practices.
AI-related incidents often differ significantly from traditional IT incidents due to their dependence on data, model behavior, and algorithm performance. According to the AAIA™ Study Guide, incident management programs must include capabilities specifically tailored to AI, such as detecting and mitigating model drift and safeguarding against data poisoning or integrity attacks.
“AI incident response frameworks must account for issues unique to machine learning, including model drift, adversarial inputs, and data integrity breaches. An effective program incorporates detection, response, and recovery mechanisms for these AI-specific threats.”
While options A and B contribute to improving incident response over time, and option D suggests best-practice alignment, only option C directly addresses active response capabilities for high-risk, real-time AI vulnerabilities.
[Reference: ISACA Advanced in AI Audit™ (AAIA™) Study Guide, Section: “AI Governance and Risk Management,” Subsection: “Incident and Risk Management in AI Contexts”]