ISACA Advanced in AI Security Management (AAISM) Exam: Topic 3, Question 20 Discussion
An organization has discovered that employees have started regularly utilizing open-source generative AI without formal guidance. Which of the following should be the CISO’s GREATEST concern?
The greatest immediate risk from unsanctioned use of public or open-source generative AI tools is data leakage—employees may paste confidential or regulated information into third-party systems, resulting in loss of confidentiality, regulatory exposure, and loss of intellectual property. AAISM emphasizes that when AI use occurs outside approved channels, the top control priority is preventing exfiltration of sensitive data via prompts, attachments, and context sharing. Monitoring and policy are necessary enablers, but leakage is the highest-impact failure mode in the short term; hallucinations primarily affect accuracy, not confidentiality.
References:
• AI Security Management (AAISM) Body of Knowledge: generative AI governance; human-in-the-loop risks; data loss and exfiltration vectors in prompts; sanctioned vs. unsanctioned AI usage.
• AI Security Management Study Guide: immediate risk triage for shadow AI; DLP and input-control safeguards; confidentiality-first posture for generative AI adoption.