Isaca ISACA Advanced in AI Security Management (AAISM) Exam AAISM Question # 14 Topic 2 Discussion
AAISM Exam Topic 2 Question 14 Discussion:
Question #: 14
Topic #: 2
An AI system that supports critical processes has deviated from expected performance and is producing biased outcomes. Which of the following is the BEST course of action?
A.
Retrain the model with a new and expanded dataset
B.
Perform a root cause analysis to identify mitigation steps
AAISM directs that when harmful or biased behavior is observed in a production AI system, the organization should enter a formal incident/variance handling workflow that begins with root cause analysis (RCA) to identify the source of deviation (data drift, concept drift, feature leakage, pipeline changes, control failures) and determine proportionate risk treatments. Immediate retraining (Option A) without RCA risks reinforcing the same bias; audits (Option C) are key activities within RCA rather than the action that frames the response; a kill switch (Option D) is reserved for conditions where risk exceeds the defined tolerances and immediate harm prevention is required.
[References: AI Security Management™ (AAISM) Body of Knowledge — Incident Response & Post-Incident Improvement; Model Risk Treatment & Drift Management; Bias Detection and Remediation Governance., ===========]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit